Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

7e104e94c2...ec.exe

windows7-x64

7

7e104e94c2...ec.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/08/2024, 02:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7e104e94c2a2f1f9ee10ba5c7e70d6ec.exe

  • Size

    665KB

  • MD5

    7e104e94c2a2f1f9ee10ba5c7e70d6ec

  • SHA1

    02b8a65430ae611baa46ca48c4b4e1ebcc9101aa

  • SHA256

    ebf4048af02f662e08746174979921767cfe327a76664493f90b34c304aa9bbe

  • SHA512

    44d80b4e8429448aebab720ef8ff61086a70d06647a1f024f2397f5f1ae1258368dcce8da5f315d27eb5e14efc9349f016ea6b1e4f15302ccd069fa98705c490

  • SSDEEP

    6144:8KDEo6in3CfUzXZjCjf79GnMTvQD5Y3cFDCStRz0MCfUztDzI7ybK7Ju:mo6qhCVYq3mtRz0LUztz/K7

Score
7/10
discoveryupx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7e104e94c2a2f1f9ee10ba5c7e70d6ec.exe
    "C:\Users\Admin\AppData\Local\Temp\7e104e94c2a2f1f9ee10ba5c7e70d6ec.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4248
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s actskn4.ocx
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2152
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 676
        3⤵
        • Program crash
        PID:1572
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 696
      2⤵
      • Program crash
      PID:232
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2152 -ip 2152
    1⤵
      PID:3016
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 4248 -ip 4248
      1⤵
        PID:3228

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\SysWOW64\actskn4.ocx
        Filesize

        202KB

        MD5

        d756582c08158b848171e8dd24fad733

        SHA1

        d1ebfbb1446a08ad755455d458fa4b51f6a3e1e9

        SHA256

        0252537f22d6e062239050dfce23a1580283933b87b63b95e3210d959f5f2d18

        SHA512

        ca2b3fbc057dbdbf55b697d332f29631558182daf448652cba3d979e59b9c8147d86f3fa297324ab4370d4f0b8211dd446891b15959b97ffd4d8461b206c46f7

        Download Submit

      • memory/2152-7-0x0000000010000000-0x0000000010076000-memory.dmp

        Filesize

        472KB

        Download

      • memory/4248-0-0x0000000000400000-0x00000000004AB208-memory.dmp

        Filesize

        684KB

        Download

      • memory/4248-9-0x0000000010000000-0x0000000010076000-memory.dmp

        Filesize

        472KB

        Download

      • memory/4248-10-0x0000000000400000-0x00000000004AB208-memory.dmp

        Filesize

        684KB

        Download