Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

796d5fd43f...0N.exe

windows7-x64

7

796d5fd43f...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    27/07/2024, 01:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    796d5fd43f61d0aa651c36d3319a2430N.exe

  • Size

    97KB

  • MD5

    796d5fd43f61d0aa651c36d3319a2430

  • SHA1

    1811e71f462857ec98c27ef86e45dcdeb1eff0ae

  • SHA256

    66c3f4fdab0b40e546042e39736780936d3a80f5f04d563a4c3b007b72e3edcc

  • SHA512

    910acd2cdf73278514be544e0b30060ec3dc4c1a3c7ce2e84e267242b65fa5d2d060012409243cd41aacbbb62f9c2fd3b30e938141915ffd9462bbbfc2c0f764

  • SSDEEP

    1536:iF0AJzLopHG9aa+9qX3apJoAKWYr0vcioyjp2RXKTzRZICrWaGZh7e:iiApLN9aa+9U2EWyipjp2R6JJrWNZ4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\796d5fd43f61d0aa651c36d3319a2430N.exe
    "C:\Users\Admin\AppData\Local\Temp\796d5fd43f61d0aa651c36d3319a2430N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2120
    • C:\ProgramData\Update\WwanSvc.exe
      "C:\ProgramData\Update\WwanSvc.exe" /run
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2380

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Update\WwanSvc.exe
    Filesize

    97KB

    MD5

    b26b304402582350602777ca6c883087

    SHA1

    80652799316a584dab1f0d2d830249c0cc2f20f3

    SHA256

    d79a99d377a30a8dbc3725ff1731afd39f0e7d8ca489cd56cb1a01f3c2f778b7

    SHA512

    b3bd4f116f27f5ad84ac6cff54da09fe0780722d3615d3e64faf29876528aef954ec0d8a89ff71944228e347e9874a41787c31ccbe1e271dbb881d87edf593c9

    Download Submit

  • memory/2120-0-0x0000000000810000-0x000000000082E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2120-4-0x0000000000130000-0x000000000014E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2120-8-0x0000000000810000-0x000000000082E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2120-10-0x0000000000810000-0x000000000082E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2380-7-0x00000000010C0000-0x00000000010DE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2380-9-0x00000000010C0000-0x00000000010DE000-memory.dmp

    Filesize

    120KB

    Download