Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

48ca527e1c...22.exe

windows7-x64

7

48ca527e1c...22.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/07/2024, 10:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    48ca527e1c3535cdf59d3efb4372b2a9ecb72b2ace91afc553f57765032dc322.exe

  • Size

    423KB

  • MD5

    824fd3d70a605fe38823542e6bdb1c80

  • SHA1

    e933bc3ce41c8870c9448634c8df5ed17900d05f

  • SHA256

    48ca527e1c3535cdf59d3efb4372b2a9ecb72b2ace91afc553f57765032dc322

  • SHA512

    70a493fafd28ee9765df9801a5913d79875fd9ec8e68716519c36a9779e9aa36f0c885c1eef86a1fa6c1b82658c002516833518960263a0d79d88b55c3aa1121

  • SSDEEP

    6144:2lrEttaPB724vPDvhO39nidOvM+EtR07Fs3qQLyjjz2h7lkeh1+sJK8lEquUcmt:2GDaV2iA39niHtFLA2h/+sDltb

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Drops desktop.ini file(s) 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\48ca527e1c3535cdf59d3efb4372b2a9ecb72b2ace91afc553f57765032dc322.exe
    "C:\Users\Admin\AppData\Local\Temp\48ca527e1c3535cdf59d3efb4372b2a9ecb72b2ace91afc553f57765032dc322.exe"
    1⤵
    • Checks computer location settings
    • Drops desktop.ini file(s)
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2796
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C schtasks /create /F /sc minute /mo 1 /tn "LSM" /tr "C:\Users\Admin\AppData\Local\LSM.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3388
      • C:\Windows\SysWOW64\schtasks.exe
        schtasks /create /F /sc minute /mo 1 /tn "LSM" /tr "C:\Users\Admin\AppData\Local\LSM.exe"
        3⤵
        • Scheduled Task/Job: Scheduled Task
        PID:3668
  • C:\Users\Admin\AppData\Local\LSM.exe
    C:\Users\Admin\AppData\Local\LSM.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    PID:3756

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\LSM.exe
    Filesize

    423KB

    MD5

    55b6e947b8e58986edb46e74f1f7ead2

    SHA1

    9c65acf0c540be5776b819a28056def0f3b52e84

    SHA256

    19ab1a0c31a3a5eb3bdbf6696cae1f23fc78bbf1064235d982c3ae54c53f8b71

    SHA512

    962de8db00a93728539cf188c544096db8ca92c352de24b1832865b1160df6065e67c32568dd19900be66c314d19523fc5acc4cd19bc222c9a4e447e29746042

    Download Submit

  • C:\Users\Admin\AppData\Local\sytemp.temp
    Filesize

    846KB

    MD5

    6d53153f3e4b792d257e9395f7e36dba

    SHA1

    6ec5f9a03f1c0eeef8e71b6277339ec0dc924ae4

    SHA256

    b6a6a348144f5ee7993c358955689dbf09c03339f51a06f27acd9ad19fa3ef41

    SHA512

    55a14f32529d61defa809ec84cf270cd42e4cfc079736303eb069f65c10866d680df25288079b947057dc9ab1d81b0e7793a00be3866f0db7192c277c5af3ff9

    Download Submit

  • memory/2796-0-0x0000000075442000-0x0000000075443000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2796-1-0x0000000075440000-0x00000000759F1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2796-2-0x0000000075440000-0x00000000759F1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2796-5-0x0000000075440000-0x00000000759F1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2796-10-0x0000000075440000-0x00000000759F1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/3756-13-0x0000000075440000-0x00000000759F1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/3756-14-0x0000000075440000-0x00000000759F1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/3756-17-0x0000000075440000-0x00000000759F1000-memory.dmp

    Filesize

    5.7MB

    Download