Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240730-en -
resource tags
-
submitted
01/08/2024, 20:35
General
-
Target
32bwsx.exe
-
Size
396KB
-
MD5
4bdf8b86122f7a4b0788c0e1d49a3ca1
-
SHA1
4716bfa0f21b62dd57dba32a796a5f7651f8550a
-
SHA256
0e2c63949e01e88c1c0610d4ea466f4061199c34349749066d08baec9a97e439
-
SHA512
6d93858615882bdb758bc4cdcd244400afde25fc23b98cecb4911e5149a370f19e43c68a6086293e1e38458c1a2e1502a6724cce166bdca9e2396bfb5ceab3ba
-
SSDEEP
12288:X63rVv5WySvWfEXf3jFe/IrBGwSwYzbIL:QrVYyk0of3jk/wAJ
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\32bwsx.exe"C:\Users\Admin\AppData\Local\Temp\32bwsx.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\WZSEFEE.tmp\INSTALL.EXEINSTALL.EXE2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
332KB
MD565195253304179eb060cd0bf2c62debb
SHA19bd414d5fd0edaa3a281ab631a18b6cd5b4bf312
SHA25626c599cfc76f81c983cf441c6d25b1814edf167c7f5dc2dc49f3ccb34a7037b1
SHA512d6f820e6e02ba5703da4fd64c74efeae4498a1072ad728e1ad37da0c09ec42fb5f1864c7e5d927a898d0bbb683ffe1b5329dbd0e01606b92930b1e68d2a6097b