Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    120s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/07/2024, 07:51

General

  • Target

    696dc28f0674f41742355b3f2e167270N.exe

  • Size

    39KB

  • MD5

    696dc28f0674f41742355b3f2e167270

  • SHA1

    8328d1843601bb6e4d44c70c7e156bd90f00913d

  • SHA256

    b103827df422104e89b003c174c8442c879879b7ef886c943a3306b11f8d116f

  • SHA512

    e544a7073a4df03b128c968d604f38774f67020a7f3921cf377ff4b3e5f2fdd05c9ccc5c3a764651480801d4eb4191a8f2eb3e2e58716bf9381d74cad4019971

  • SSDEEP

    192:jEdMPnwR2bCL8KktnAs7lp1FHif+SjInE6rNr5TdWooAeXR/V49d444UefDSwpIX:jFPnwR2Ca1lpvH6dMtRe5/J0

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\696dc28f0674f41742355b3f2e167270N.exe
    "C:\Users\Admin\AppData\Local\Temp\696dc28f0674f41742355b3f2e167270N.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1380
    • C:\Users\Admin\AppData\Local\Temp\gert.exe
      "C:\Users\Admin\AppData\Local\Temp\gert.exe"
      2⤵
      • Executes dropped EXE
      PID:2168
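
The process tree above is the evidence behind two of the report's signatures: the parent (PID 1380) writes gert.exe into its own %TEMP% directory and then starts it (PID 2168), and the same parent loads DLLs it dropped. The following is an added detection example, not tria.ge's signature code, showing how that correlation is done over a chronological event stream. The event records are constructed to mirror the report's tree; the field names are assumptions modelled loosely on Sysmon FileCreate, ImageLoad and ProcessCreate events, the parent's own parent PID (1100) is assumed, and the dropped DLL name is a placeholder because the report counts two loads but does not name the module.

```python
"""Correlate file writes with later process starts / module loads to flag dropped executables.

Added example, not part of the tria.ge report. Event fields are assumptions
modelled loosely on Sysmon Event ID 11 (FileCreate), 7 (ImageLoad) and
1 (ProcessCreate); the sample events below are constructed, not a real log.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Event:
    kind: str                      # "process_create", "file_create" or "image_load"
    pid: int                       # acting process (file_create/image_load) or the new process
    image: str                     # image path of the acting process, or of the new process
    ppid: Optional[int] = None     # parent PID, process_create only
    target: Optional[str] = None   # file written (file_create) or module loaded (image_load)


EXEC_SUFFIXES = (".exe", ".dll", ".scr", ".com")


def _norm(path: str) -> str:
    # Windows paths are case-insensitive; compare them in one case.
    return path.lower()


def find_dropped_artifacts(events):
    """Return hits for executables written during the trace and later run or loaded.

    Events must be in chronological order: a write is only a "drop" for
    executions and loads that happen after it, so reversing the stream yields
    no hits. A file written by any traced process counts as dropped, whether or
    not the writer is the process that later runs or loads it; the hit records
    which process wrote it so the analyst can tell the two cases apart.
    """
    dropped = {}   # normalised path -> pid of the process that wrote it
    hits = []
    for ev in events:
        if ev.kind == "file_create" and ev.target:
            t = _norm(ev.target)
            if t.endswith(EXEC_SUFFIXES):
                dropped[t] = ev.pid
        elif ev.kind == "process_create":
            img = _norm(ev.image)
            if img in dropped:
                hits.append({
                    "signature": "Executes dropped EXE",
                    "pid": ev.pid,
                    "image": ev.image,
                    "dropped_by": dropped[img],
                    "parent_wrote_it": dropped[img] == ev.ppid,
                })
        elif ev.kind == "image_load" and ev.target:
            t = _norm(ev.target)
            if t in dropped:
                hits.append({
                    "signature": "Loads dropped DLL",
                    "pid": ev.pid,
                    "image": ev.target,
                    "dropped_by": dropped[t],
                    "loader_wrote_it": dropped[t] == ev.pid,
                })
    return hits


# Constructed sample mirroring the report's process tree (PIDs 1380 and 2168 are from the report).
PARENT = r"C:\Users\Admin\AppData\Local\Temp\696dc28f0674f41742355b3f2e167270N.exe"
CHILD = r"C:\Users\Admin\AppData\Local\Temp\gert.exe"
# Placeholder: the report does not name the dropped DLL.
DLL = r"C:\Users\Admin\AppData\Local\Temp\dropped_example.dll"

SAMPLE_EVENTS = [
    Event("process_create", 1380, PARENT, ppid=1100),          # 1100 is an assumed launcher PID
    Event("file_create", 1380, PARENT, target=DLL),
    Event("file_create", 1380, PARENT, target=CHILD),
    Event("image_load", 1380, PARENT, target=DLL),             # parent loads what it dropped
    Event("process_create", 2168, CHILD, ppid=1380),           # parent executes what it dropped
    Event("process_create", 3000, r"C:\Windows\System32\cmd.exe", ppid=1380),  # not dropped: no hit
]

if __name__ == "__main__":
    for hit in find_dropped_artifacts(SAMPLE_EVENTS):
        print(hit)
```

Run as-is it prints one "Loads dropped DLL" hit for PID 1380 and one "Executes dropped EXE" hit for PID 2168, matching the two signatures on this page. Feeding it a real trace means mapping your telemetry's own field names onto `Event`; the logic is the same, and the chronological-order requirement is the detail most often missed when events from several sources are merged.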

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\gert.exe

    Filesize

    39KB

    MD5

    e6d545d3fec7aa2ed39ad316e42e6950

    SHA1

    d09bbf30046083494d89c079f8ead2337afbc2d1

    SHA256

    40695e976d5185428f901f1aecaedc2387fa00d44d3432dd62b357c60146400d

    SHA512

    f769ef77ecbdd82f38739a1b8265534f6fff54e859d67a96e62038b95546953ef6c1a9c8536d442f153efe5af3957395b89b429b448db308c9bc5f83139cbc5d