Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

5dba7cd174...0N.exe

windows7-x64

8

5dba7cd174...0N.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    101s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/07/2024, 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5dba7cd17466d25172134642ef4ea7b0N.exe

  • Size

    140KB

  • MD5

    5dba7cd17466d25172134642ef4ea7b0

  • SHA1

    eb96684eeaabd90e868db4961cbb741cc42bc5fd

  • SHA256

    df3d22ad30c3b5a789e6a064a0c2311d88bcf33e001f9889308f13a8160a04dd

  • SHA512

    c2b3d3a9f8b221705b21b1b16fda2984bbe794ed4dd4d98c547e35ba6ad93f60a5341320cf8023d2f57b27d639f1df7e7e6c18162893774563327910448dd0fe

  • SSDEEP

    3072:FC+b/xEwBxygI9vj0AT1smXA3HizrYZ6oXHqBNI5xr:k+LxBxULrsr3CffoXKBy55

Score
8/10
discoverypersistenceprivilege_escalation

Malware Config

Signatures

  • Event Triggered Execution: AppInit DLLs 1 TTPs

    Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    persistenceprivilege_escalation
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\5dba7cd17466d25172134642ef4ea7b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5dba7cd17466d25172134642ef4ea7b0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:5000
  • C:\PROGRA~3\Mozilla\ksygpla.exe
    C:\PROGRA~3\Mozilla\ksygpla.exe -vwpcxle
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4892

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\ksygpla.exe
    Filesize

    140KB

    MD5

    f9e3a95ef27b71a4e437865e8750b70f

    SHA1

    41d374b6b25aebb54dcd3b9d0cc5ecc4b7d91581

    SHA256

    7f0cc5f0e5bf1f0f58d6d1b993b8a4af112b0d3a2d8e06698c74671f004e9057

    SHA512

    d1d14780d7a110b189012877797954b01feac481463141d982d806f675b1bcd5d6a2a32a15118943a4894f46167e5885208f6d1e6bb9a7a6028fed4fbaa4f24d

    Download Submit

  • memory/4892-11-0x0000000000400000-0x0000000000465000-memory.dmp

    Filesize

    404KB

    Download

  • memory/4892-12-0x0000000000400000-0x0000000000465000-memory.dmp

    Filesize

    404KB

    Download

  • memory/4892-13-0x0000000000400000-0x0000000000465000-memory.dmp

    Filesize

    404KB

    Download

  • memory/4892-16-0x0000000000400000-0x0000000000465000-memory.dmp

    Filesize

    404KB

    Download

  • memory/4892-18-0x0000000000400000-0x0000000000465000-memory.dmp

    Filesize

    404KB

    Download

  • memory/5000-0-0x0000000000400000-0x0000000000465000-memory.dmp

    Filesize

    404KB

    Download

  • memory/5000-1-0x0000000000401000-0x0000000000403000-memory.dmp

    Filesize

    8KB

    Download

  • memory/5000-2-0x0000000000400000-0x0000000000465000-memory.dmp

    Filesize

    404KB

    Download

  • memory/5000-3-0x0000000000400000-0x0000000000465000-memory.dmp

    Filesize

    404KB

    Download

  • memory/5000-4-0x0000000000400000-0x0000000000465000-memory.dmp

    Filesize

    404KB

    Download

  • memory/5000-9-0x0000000000400000-0x0000000000465000-memory.dmp

    Filesize

    404KB

    Download