Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

191baadbf1...0N.exe

windows7-x64

7

191baadbf1...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    111s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/07/2024, 20:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    191baadbf13fd75c1224c5b46bc82c30N.exe

  • Size

    42KB

  • MD5

    191baadbf13fd75c1224c5b46bc82c30

  • SHA1

    79096508db7aaded4b42f6115865136481e1b06a

  • SHA256

    109762f26f2b853654b8f4ba054e3998545e4db3101022a31adefb93a74ffcc2

  • SHA512

    e71d4c98cbae8a9f9ec95566b9ec05e6c9d5d1c8c80e7ba818d036c884fb7b1c6caff4160aa827dc44d03e7b09ace98044c003eeae09f4255fc8e0f6b1f02e4d

  • SSDEEP

    384:EACDQL/TQfYjQXoHyglpIK0KYTA6QXEVvYpMlQYpxlqiq8sSKpEq8:EXQLGCQYHyY6gX8v+slxf

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\191baadbf13fd75c1224c5b46bc82c30N.exe
    "C:\Users\Admin\AppData\Local\Temp\191baadbf13fd75c1224c5b46bc82c30N.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4628
    • C:\Users\Admin\AppData\Local\Temp\budha.exe
      "C:\Users\Admin\AppData\Local\Temp\budha.exe"
      2⤵
      • Executes dropped EXE
      PID:632

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\budha.exe
    Filesize

    42KB

    MD5

    94ac82095000af432ec4d8fbded8bf26

    SHA1

    7800fb0fa2bf95336cd25ae4d7cda9c0b88541e5

    SHA256

    277ca7f4beb87edef5bfb6e855354346fa77a299c1ed3eb2f80f5e85a016c2f6

    SHA512

    1598046eb9a74f58a306f8910a3d1dda844494d3695fde2728c7c154c7cc2ba30176de3535d9c5fef8a1d03f65e81c4f48a2c95eecb192341562eb8c4c94f83b

    Download Submit

  • memory/632-12-0x0000000002570000-0x0000000002571000-memory.dmp

    Filesize

    4KB

    Download

  • memory/632-13-0x0000000002580000-0x0000000002980000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/632-14-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4628-0-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4628-1-0x00000000021E0000-0x00000000021E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4628-3-0x00000000027E0000-0x0000000002BE0000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/4628-11-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download