Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    102s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    02/08/2024, 03:54 UTC

General

  • Target

    b0d851f3b0ba382c27164948901a0b95546df01e3d629a0e9f8a82afeb7ae947.exe

  • Size

    448KB

  • MD5

    206a0c4bd34acd2d7ac4f925145e2828

  • SHA1

    32d37b30b60a3b719abb2c469cc0ab49a08c6b76

  • SHA256

    b0d851f3b0ba382c27164948901a0b95546df01e3d629a0e9f8a82afeb7ae947

  • SHA512

    9b95c50ec96322883d53173981035819c6d406145167214bf8e941e37db906d2d9e50aee7626b5e47d167c835e464c52a85abe7f843b62aa75ae239103e131ae

  • SSDEEP

    12288:i9hPT29NbyozCup/RUiUY6uEzCyfi0npM4dl0v5JdmA:CT2HbyozCup/RUiUY6uEzCyfiEM4dmvl

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b0d851f3b0ba382c27164948901a0b95546df01e3d629a0e9f8a82afeb7ae947.exe
    "C:\Users\Admin\AppData\Local\Temp\b0d851f3b0ba382c27164948901a0b95546df01e3d629a0e9f8a82afeb7ae947.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2904
    • C:\Users\Admin\AppData\Local\Temp\b0d851f3b0ba382c27164948901a0b95546df01e3d629a0e9f8a82afeb7ae947.exe
      C:\Users\Admin\AppData\Local\Temp\b0d851f3b0ba382c27164948901a0b95546df01e3d629a0e9f8a82afeb7ae947.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of UnmapMainImage
      PID:2396

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\b0d851f3b0ba382c27164948901a0b95546df01e3d629a0e9f8a82afeb7ae947.exe

    Filesize

    448KB

    MD5

    f9c625056896feca0c841cc27e2d4094

    SHA1

    a71d78890aee4149af441e6ed82309d713e90951

    SHA256

    cf648aff4eb9e4aeadaf6dff99651523b950e1efa46b8be0eb1598a1e4ed8721

    SHA512

    56fb05ec0fb877587e29c059f9665e8012fb4ce81ca5251321a8552589af41130c6b62c9331d3cff8c0ba02d631c743805cb0b783c8a01db46905a3aaefdbc31

  • memory/2396-11-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

  • memory/2396-16-0x0000000000130000-0x000000000016F000-memory.dmp

    Filesize

    252KB

  • memory/2396-17-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

  • memory/2904-0-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

  • memory/2904-6-0x0000000000300000-0x000000000033F000-memory.dmp

    Filesize

    252KB

  • memory/2904-10-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.