Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    102s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/08/2024, 03:54

General

  • Target

    b0d851f3b0ba382c27164948901a0b95546df01e3d629a0e9f8a82afeb7ae947.exe

  • Size

    448KB

  • MD5

    206a0c4bd34acd2d7ac4f925145e2828

  • SHA1

    32d37b30b60a3b719abb2c469cc0ab49a08c6b76

  • SHA256

    b0d851f3b0ba382c27164948901a0b95546df01e3d629a0e9f8a82afeb7ae947

  • SHA512

    9b95c50ec96322883d53173981035819c6d406145167214bf8e941e37db906d2d9e50aee7626b5e47d167c835e464c52a85abe7f843b62aa75ae239103e131ae

  • SSDEEP

    12288:i9hPT29NbyozCup/RUiUY6uEzCyfi0npM4dl0v5JdmA:CT2HbyozCup/RUiUY6uEzCyfiEM4dmvl

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b0d851f3b0ba382c27164948901a0b95546df01e3d629a0e9f8a82afeb7ae947.exe
    "C:\Users\Admin\AppData\Local\Temp\b0d851f3b0ba382c27164948901a0b95546df01e3d629a0e9f8a82afeb7ae947.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2904
    • C:\Users\Admin\AppData\Local\Temp\b0d851f3b0ba382c27164948901a0b95546df01e3d629a0e9f8a82afeb7ae947.exe
      C:\Users\Admin\AppData\Local\Temp\b0d851f3b0ba382c27164948901a0b95546df01e3d629a0e9f8a82afeb7ae947.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of UnmapMainImage
      PID:2396
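
The process tree above records one sequence worth turning into a rule: the sample (PID 2904) starts a second copy of its own image (PID 2396), the parent calls WriteProcessMemory, the child unmaps its main image, and the child then deletes its own file, which is consistent with a self-injection or hollowing loader. The following Python is an added example, not part of the Triage report and not Triage's code: it replays that sequence as a constructed event list and flags parent/child pairs that match. The event schema, the LAUNCHER_PID placeholder and the benign control events are assumptions chosen to mirror the report, not Triage's data format.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from typing import List, Optional

# Added example, not part of the Triage report. The event layout below is an
# assumption that mirrors the report's process tree, not Triage's own schema.

SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\b0d851f3b0ba382c27164948901a0b95546df01e3d629a0e9f8a82afeb7ae947.exe")
LAUNCHER_PID = 1000  # placeholder for whatever started the sample; not in the report


@dataclass(frozen=True)
class Event:
    pid: int                       # acting process (for process_create: the new process)
    kind: str                      # process_create | write_process_memory | unmap_main_image | file_delete
    image: str                     # image path of the acting process
    parent: Optional[int] = None   # process_create only
    target: Optional[int] = None   # write_process_memory only: pid written to
    path: Optional[str] = None     # file_delete only: path removed


@dataclass
class Finding:
    parent_pid: int
    child_pid: int
    writes: int
    reasons: List[str] = field(default_factory=list)


# Constructed from the report: 2904 spawns 2396 with the same image, writes into
# it four times, and 2396 unmaps its main image and deletes its own file.
EVENTS = [
    Event(2904, "process_create", SAMPLE, parent=LAUNCHER_PID),
    Event(2396, "process_create", SAMPLE, parent=2904),
    *[Event(2904, "write_process_memory", SAMPLE, target=2396) for _ in range(4)],
    Event(2396, "unmap_main_image", SAMPLE),
    Event(2396, "file_delete", SAMPLE, path=SAMPLE),
]

# Constructed benign control: an installer writing into a helper it spawned.
BENIGN_EVENTS = [
    Event(500, "process_create", r"C:\Setup\setup.exe", parent=LAUNCHER_PID),
    Event(501, "process_create", r"C:\Setup\helper.exe", parent=500),
    Event(500, "write_process_memory", r"C:\Setup\setup.exe", target=501),
]


def find_self_injection(events, min_reasons=3):
    """Flag parent/child pairs where a process re-executes its own image and the
    pair also shows memory writes, main-image unmapping or self-deletion."""
    image, parent = {}, {}
    for e in events:
        if e.kind == "process_create":
            image[e.pid], parent[e.pid] = e.image, e.parent
    writes = defaultdict(int)
    for e in events:
        if e.kind == "write_process_memory" and e.target is not None:
            writes[(e.pid, e.target)] += 1
    unmapped = {e.pid for e in events if e.kind == "unmap_main_image"}
    self_deleted = {
        e.pid for e in events
        if e.kind == "file_delete" and e.path
        and e.path.lower() == image.get(e.pid, "").lower()   # Windows paths: case-insensitive
    }

    findings = []
    for child, par in parent.items():
        if par not in image or image[child].lower() != image[par].lower():
            continue  # only pairs where the child runs the parent's own image
        reasons = ["child runs the same image as its parent"]
        n = writes.get((par, child), 0)
        if n:
            reasons.append(f"parent wrote into child memory {n} time(s)")
        if child in unmapped:
            reasons.append("child unmapped its main image")
        if child in self_deleted:
            reasons.append("child deleted its own image file")
        if len(reasons) >= min_reasons:
            findings.append(Finding(par, child, n, reasons))
    return findings


if __name__ == "__main__":
    for f in find_self_injection(EVENTS):
        print(f"PID {f.parent_pid} -> {f.child_pid}: " + "; ".join(f.reasons))
```

Run as a script it prints the single 2904 -> 2396 finding and nothing for the benign control. On a real endpoint the same fields map onto Sysmon Event ID 1 (process create), 10 (process access with a write right) and 23 (file delete); the main-image unmapping is an API-level observation that a sandbox sees but standard Windows telemetry does not, so the rule should still fire at the lower threshold when that event is unavailable.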

Network

MITRE ATT&CK Enterprise v15


Downloads

  • \Users\Admin\AppData\Local\Temp\b0d851f3b0ba382c27164948901a0b95546df01e3d629a0e9f8a82afeb7ae947.exe

    Filesize

    448KB

    MD5

    f9c625056896feca0c841cc27e2d4094

    SHA1

    a71d78890aee4149af441e6ed82309d713e90951

    SHA256

    cf648aff4eb9e4aeadaf6dff99651523b950e1efa46b8be0eb1598a1e4ed8721

    SHA512

    56fb05ec0fb877587e29c059f9665e8012fb4ce81ca5251321a8552589af41130c6b62c9331d3cff8c0ba02d631c743805cb0b783c8a01db46905a3aaefdbc31

  • memory/2396-11-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

  • memory/2396-16-0x0000000000130000-0x000000000016F000-memory.dmp

    Filesize

    252KB

  • memory/2396-17-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

  • memory/2904-0-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

  • memory/2904-6-0x0000000000300000-0x000000000033F000-memory.dmp

    Filesize

    252KB

  • memory/2904-10-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB