Analysis

  • max time kernel
    103s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/07/2024, 07:51

General

  • Target

    696dc28f0674f41742355b3f2e167270N.exe

  • Size

    39KB

  • MD5

    696dc28f0674f41742355b3f2e167270

  • SHA1

    8328d1843601bb6e4d44c70c7e156bd90f00913d

  • SHA256

    b103827df422104e89b003c174c8442c879879b7ef886c943a3306b11f8d116f

  • SHA512

    e544a7073a4df03b128c968d604f38774f67020a7f3921cf377ff4b3e5f2fdd05c9ccc5c3a764651480801d4eb4191a8f2eb3e2e58716bf9381d74cad4019971

  • SSDEEP

    192:jEdMPnwR2bCL8KktnAs7lp1FHif+SjInE6rNr5TdWooAeXR/V49d444UefDSwpIX:jFPnwR2Ca1lpvH6dMtRe5/J0

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 2 IoCs)

    Looks up the country code configured in the registry, likely a geofence check.

  • Executes dropped EXE (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\696dc28f0674f41742355b3f2e167270N.exe
    "C:\Users\Admin\AppData\Local\Temp\696dc28f0674f41742355b3f2e167270N.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2904
    • C:\Users\Admin\AppData\Local\Temp\gert.exe
      "C:\Users\Admin\AppData\Local\Temp\gert.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:1660
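The "Executes dropped EXE" signature above is the behaviour in the process tree: PID 2904 writes gert.exe (and wekol.exe) into %TEMP% and then launches gert.exe as PID 1660. The following is an added example, not code from tria.ge or from the sample, showing how to reproduce that verdict from endpoint telemetry. It walks a constructed, time-ordered list of Sysmon-style records (Event ID 11 FileCreate, Event ID 1 ProcessCreate) whose paths and PIDs are taken from this report; the benign records and the parent PID 700 are invented for contrast.

```python
"""Flag 'process executes a file it dropped itself' from Sysmon-style events.

Added example; not part of the tria.ge report. EVENTS is constructed to
mirror the report's process tree. Field names follow Sysmon Event ID 1
(ProcessCreate) and 11 (FileCreate); the records are hand-written.
"""

TEMP_DIR = r"C:\Users\Admin\AppData\Local\Temp"

# Constructed events in time order: (event_id, fields).
EVENTS = [
    (1, {"ProcessId": 2904, "ParentProcessId": 700,          # 700 is assumed
         "Image": TEMP_DIR + r"\696dc28f0674f41742355b3f2e167270N.exe"}),
    (11, {"ProcessId": 2904, "TargetFilename": TEMP_DIR + r"\gert.exe"}),
    (11, {"ProcessId": 2904, "TargetFilename": TEMP_DIR + r"\wekol.exe"}),
    (1, {"ProcessId": 1660, "ParentProcessId": 2904,
         "Image": TEMP_DIR + r"\gert.exe"}),
    # Benign noise (invented): a file write and a process start that are unrelated.
    (11, {"ProcessId": 700, "TargetFilename": r"C:\Users\Admin\notes.txt"}),
    (1, {"ProcessId": 4100, "ParentProcessId": 700,
         "Image": r"C:\Windows\System32\notepad.exe"}),
]


def norm(path):
    """NTFS paths are case-insensitive; compare them in one case."""
    return path.lower()


def find_dropped_executions(events):
    """Return (dropper_pid, dropped_path, child_pid) for each process whose
    image file was written earlier by the process that is now its parent.

    Caveat: keyed on PID only, so on a real host add the Sysmon ProcessGuid
    (or a time window) to survive PID reuse.
    """
    created_by = {}  # normalised path -> PID that wrote it
    hits = []
    for event_id, f in events:
        if event_id == 11:
            created_by[norm(f["TargetFilename"])] = f["ProcessId"]
        elif event_id == 1:
            writer = created_by.get(norm(f["Image"]))
            if writer is not None and writer == f["ParentProcessId"]:
                hits.append((writer, f["Image"], f["ProcessId"]))
    return hits


def dropped_but_not_executed(events):
    """Files written by a flagged dropper that never became a process image;
    in this report wekol.exe falls in that bucket and is worth collecting."""
    droppers = {hit[0] for hit in find_dropped_executions(events)}
    executed = {norm(f["Image"]) for eid, f in events if eid == 1}
    return sorted(f["TargetFilename"] for eid, f in events
                  if eid == 11 and f["ProcessId"] in droppers
                  and norm(f["TargetFilename"]) not in executed)


if __name__ == "__main__":
    for hit in find_dropped_executions(EVENTS):
        print("dropper PID %d wrote %s, then executed it as PID %d" % hit)
    for path in dropped_but_not_executed(EVENTS):
        print("dropped but not executed:", path)
```

Run against the constructed events it reports the gert.exe execution from PID 2904 to PID 1660 and lists wekol.exe as a dropped file that never ran; the notepad.exe start is ignored because its parent did not write its image.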

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\gert.exe

    Filesize

    39KB

    MD5

    e6d545d3fec7aa2ed39ad316e42e6950

    SHA1

    d09bbf30046083494d89c079f8ead2337afbc2d1

    SHA256

    40695e976d5185428f901f1aecaedc2387fa00d44d3432dd62b357c60146400d

    SHA512

    f769ef77ecbdd82f38739a1b8265534f6fff54e859d67a96e62038b95546953ef6c1a9c8536d442f153efe5af3957395b89b429b448db308c9bc5f83139cbc5d

  • C:\Users\Admin\AppData\Local\Temp\wekol.exe

    Filesize

    4KB

    MD5

    b649bb4bbcec6444434d2df7501effb6

    SHA1

    f8a04ac654e2234fa2644abf8e293d02bc01c8fd

    SHA256

    c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

    SHA512

    7265c870e9d51cd6f4936860ec4443ae21754634997be1294bd17c8cbe0c23dba56e730bcacecfa73f5b305fbefaf5b75e2747dfd3cd83cfe6b416ac8cc7ecf2
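The hashes in the General and Downloads sections are the report's file indicators. The following is an added example, not code from tria.ge, that hashes data with MD5, SHA1 and SHA256 and checks it against that indicator table, so a responder can test a file recovered from a host or a quarantine folder. The table is copied from this page; the test inputs are constructed.

```python
"""Check a file against the hashes listed in the tria.ge report.

Added example; not part of the report. REPORT_IOCS is transcribed from the
page (the SHA512 values are omitted here but could be added the same way).
"""
import hashlib

REPORT_IOCS = {
    "696dc28f0674f41742355b3f2e167270N.exe": {
        "md5": "696dc28f0674f41742355b3f2e167270",
        "sha1": "8328d1843601bb6e4d44c70c7e156bd90f00913d",
        "sha256": "b103827df422104e89b003c174c8442c879879b7ef886c943a3306b11f8d116f",
    },
    "gert.exe": {
        "md5": "e6d545d3fec7aa2ed39ad316e42e6950",
        "sha1": "d09bbf30046083494d89c079f8ead2337afbc2d1",
        "sha256": "40695e976d5185428f901f1aecaedc2387fa00d44d3432dd62b357c60146400d",
    },
    "wekol.exe": {
        "md5": "b649bb4bbcec6444434d2df7501effb6",
        "sha1": "f8a04ac654e2234fa2644abf8e293d02bc01c8fd",
        "sha256": "c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a",
    },
}

ALGOS = ("md5", "sha1", "sha256")


def hash_bytes(data):
    """Digest one buffer with every algorithm in ALGOS."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def hash_file(path, chunk_size=1 << 20):
    """Digest a file in chunks so large samples do not have to fit in memory."""
    digests = {algo: hashlib.new(algo) for algo in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {algo: d.hexdigest() for algo, d in digests.items()}


def match_digests(digests, iocs=REPORT_IOCS):
    """Return {indicator_name: [matching algorithms]} for every hit.

    An MD5-only or SHA1-only hit is weak evidence (both have practical
    collision attacks); treat a SHA256 match as the confirmation.
    """
    hits = {}
    for name, known in iocs.items():
        matched = [algo for algo in ALGOS
                   if algo in known and digests.get(algo) == known[algo].lower()]
        if matched:
            hits[name] = matched
    return hits


def is_confirmed(hits):
    """True when at least one indicator matched on SHA256."""
    return any("sha256" in algos for algos in hits.values())


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        hits = match_digests(hash_file(path))
        print(path, "->", hits, "(confirmed)" if is_confirmed(hits) else "(no match)")
```

Usage: `python check_iocs.py suspect.exe` (the script name is arbitrary). A file recovered from %TEMP% that matches gert.exe on all three algorithms is the same binary the sandbox executed as PID 1660.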