Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

29403c8a06...0N.exe

windows7-x64

7

29403c8a06...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    103s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/07/2024, 23:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    29403c8a063a051ad809dfbffdadca70N.exe

  • Size

    28KB

  • MD5

    29403c8a063a051ad809dfbffdadca70

  • SHA1

    db8ba25e4dde2d910d1718726483ff066a18eff4

  • SHA256

    e70986f9519731ab57e4afb682538abeee79ad5ebc82207cfa00589da8d82ae8

  • SHA512

    77b410628c64a94a0c08148481de5d0f65222b844bf9003fa2836d017601eae2fcc81862f7d38e62550ffea3d0127e6c560f440af3f21416cf424decb1d3907e

  • SSDEEP

    384:6xaP8tE7bJDSxx5cLes01hUnOvKaP9NbBFiq8sSr7xkZl6YQ93IRH7h:+aP8yDSxLD2nOyaPbIWOCRH7h

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\29403c8a063a051ad809dfbffdadca70N.exe
    "C:\Users\Admin\AppData\Local\Temp\29403c8a063a051ad809dfbffdadca70N.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1776
    • C:\Users\Admin\AppData\Local\Temp\hhcbrnaff.exe
      "C:\Users\Admin\AppData\Local\Temp\hhcbrnaff.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:3292

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hhcbrnaff.exe
    Filesize

    28KB

    MD5

    ee674136bbf801d3a2bf68e6527a2c43

    SHA1

    74982bb60b2ffb210803dafb324ba020f0b83aa8

    SHA256

    e3571102bda024cb0beb6eb1f9bbd4c06cb2b29a1081b71226ba17fb9854034d

    SHA512

    40576ac24329a5d0b1cb2965a485ee1a110988c4b670a3a90281d79644becc3e7278c2f0e9aa22c04bace5bcf90938bb6db88f77ee97def18560c26d06d88197

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\hhgnrddkjee.exe
    Filesize

    17B

    MD5

    eeb13468b73d93fa8bcbe3ebae6df720

    SHA1

    1f55c90d5ce61c6447e923443d496b137be35c63

    SHA256

    802600d124464157037a2519acb3cff90b97670fd04809ea902fbb95497a12ca

    SHA512

    28d8aa5b08384343fb21f594e413b99ae2f6fb5945345dd4e1af278e24dbc5ad3e8cbebfce889d397830f3fc287a4cd4728897f3aa97129558c72fd3ece23e05

    Download Submit

  • memory/1776-0-0x0000000000300000-0x0000000000306000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1776-2-0x00000000003F0000-0x00000000003F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1776-10-0x0000000000300000-0x0000000000306000-memory.dmp

    Filesize

    24KB

    Download