Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

878b7cb6ac...0N.exe

windows7-x64

7

878b7cb6ac...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    27/07/2024, 03:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    878b7cb6ac844f487fb27285a4fc2e00N.exe

  • Size

    395KB

  • MD5

    878b7cb6ac844f487fb27285a4fc2e00

  • SHA1

    9223ea7fa664eef5c44860681014d3ba123af71c

  • SHA256

    787b2ba609ccaf1fdbf3f16624899f968f1f7f85d1d9a66f1884b385f84f9ebd

  • SHA512

    fb6466f1d58893bbbf07e430f67a1014a0b87c7e627503873ab079c240e5c9a1bf78954a9786b4e03eb6a0e0192c2b74123b99e5c10da3c85729ed41a2f9a256

  • SSDEEP

    12288:4jauDReWczWyAzsVI1Iqt34sVgbg/ikat47ZosNoz8ZmGT+h6SimZGBbtM:4DDKWy3CZ0

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\878b7cb6ac844f487fb27285a4fc2e00N.exe
    "C:\Users\Admin\AppData\Local\Temp\878b7cb6ac844f487fb27285a4fc2e00N.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2604
    • C:\ProgramData\dnldi.exe
      "C:\ProgramData\dnldi.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:860

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Documents and Settings .exe
    Filesize

    395KB

    MD5

    a5ff708a4f150eca684f50502558915e

    SHA1

    6a1f7bdd99d9b401b46c63caf434f54ce9e4a4a8

    SHA256

    362573e69e96c455fe850d50552dff0816b27b64df40948f0f300b3d4a526a21

    SHA512

    9126810c7d6d146ef61bba30ab6c4ca20d52a1400f5d9ada5f797ca82740432c0386aa75e92e05c2c7219b130ac561329ac1d4511a43e3bee012e84586426747

    Download Submit

  • C:\ProgramData\Saaaalamm\Mira.h
    Filesize

    136KB

    MD5

    cb4c442a26bb46671c638c794bf535af

    SHA1

    8a742d0b372f2ddd2d1fdf688c3c4ac7f9272abf

    SHA256

    f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25

    SHA512

    074a31e8da403c0a718f93cbca50574d8b658921193db0e6e20eacd232379286f14a3698cd443dc740d324ad19d74934ae001a7ad64b88897d8afefbc9a3d4e3

    Download Submit

  • \ProgramData\dnldi.exe
    Filesize

    258KB

    MD5

    575441ff9067406b3edb87ec48641886

    SHA1

    4d119233fb4250b0353cc30e4c3865e6e5bfaee5

    SHA256

    0d2fba65996f86125940469988a668f9f5ee61bf33ab6e0e24982111c5efee35

    SHA512

    27e17c4e2b6282781e52239a743c993a7fbb2f52baf28f78cffbc5a42b76436b9ec3ed8eb8a66944fd76afa089dbe544ff24b2c6519ab475fb10bb2e38817e48

    Download Submit

  • memory/860-137-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download

  • memory/2604-0-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/2604-1-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/2604-14-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download