Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2440a9787a...0N.exe

windows7-x64

1

2440a9787a...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/07/2024, 00:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2440a9787adf570cacc80bed06ed7a80N.exe

  • Size

    91KB

  • MD5

    2440a9787adf570cacc80bed06ed7a80

  • SHA1

    d55711ca4c773cb3725cfc1ba72479d3ee124a77

  • SHA256

    d8d9882bfd1ea95c504ac11891768790182b93fca449a0a87ad34c87e0ca032a

  • SHA512

    3cd3923572a63e5e0852c38ba9449cefc826f18afe2a9ce1e5cb0a7c9b0faaa8158d0b55fc80d939ec18fa0b50a90b10162cc7975849767b9899ad356f0f79a1

  • SSDEEP

    1536:nFnBN+ghQKKe8MGbSs2t3hzBMU+jhGzF6/jOyJak3B7XFD1nVpvjNlRnUskD/Asr:nNxw708yau5p5FtyM6IkQdbsxC

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Program Files directory 17 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 44 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2440a9787adf570cacc80bed06ed7a80N.exe
    "C:\Users\Admin\AppData\Local\Temp\2440a9787adf570cacc80bed06ed7a80N.exe"
    1⤵
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4804
    • C:\Windows\SysWOW64\urdvxc.exe
      C:\Windows\system32\urdvxc.exe /installservice
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:3052
    • C:\Windows\SysWOW64\urdvxc.exe
      C:\Windows\system32\urdvxc.exe /start
      2⤵
      • Executes dropped EXE
      • Modifies registry class
      PID:2092
    • C:\Windows\SysWOW64\urdvxc.exe
      C:\Windows\system32\urdvxc.exe /uninstallservice patch:C:\Users\Admin\AppData\Local\Temp\2440a9787adf570cacc80bed06ed7a80N.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Modifies registry class
      PID:2432
  • C:\Windows\SysWOW64\urdvxc.exe
    "C:\Windows\SysWOW64\urdvxc.exe" /service
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    PID:3144
  • C:\Windows\SysWOW64\urdvxc.exe
    "C:\Windows\SysWOW64\urdvxc.exe" /service
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Modifies registry class
    PID:1936

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\urdvxc.exe
    Filesize

    91KB

    MD5

    2440a9787adf570cacc80bed06ed7a80

    SHA1

    d55711ca4c773cb3725cfc1ba72479d3ee124a77

    SHA256

    d8d9882bfd1ea95c504ac11891768790182b93fca449a0a87ad34c87e0ca032a

    SHA512

    3cd3923572a63e5e0852c38ba9449cefc826f18afe2a9ce1e5cb0a7c9b0faaa8158d0b55fc80d939ec18fa0b50a90b10162cc7975849767b9899ad356f0f79a1

    Download Submit

  • memory/1936-6070-0x00000000001C0000-0x00000000001DF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2092-10-0x00000000001C0000-0x00000000001DF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2432-20-0x00000000001C0000-0x00000000001DF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3052-6-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3052-7-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3052-8-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-45-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-52-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-21-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-12-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-22-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-23-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-24-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-25-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-26-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-27-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-28-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-29-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-30-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-32-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-31-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-50-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-34-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-35-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-36-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-37-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-38-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-39-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-40-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-41-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-42-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-43-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-44-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-13-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-46-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-47-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-17-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-48-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-33-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-51-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-49-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-53-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-55-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-56-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-57-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-58-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-59-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-60-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-61-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-63-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-64-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-65-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-66-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-67-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-68-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-69-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-71-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-72-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-73-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-74-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-75-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-76-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-78-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-79-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-1266-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3144-6068-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/4804-0-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/4804-1-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/4804-19-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download