Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

3838289958...0N.exe

windows7-x64

7

3838289958...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/08/2024, 02:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3838289958840a4332ba24e875ebbdb0N.exe

  • Size

    410KB

  • MD5

    3838289958840a4332ba24e875ebbdb0

  • SHA1

    0e71f701564e6bb533f0acdb73a2444b4bf1ab60

  • SHA256

    fd66c808628b9b1d2637d6a2a84671da60ac58466a96501a2dde90b7c306bc4d

  • SHA512

    e4a6acdbf4dae28cb1ec6ea2f6a935fb726d27f634f9aae3a2f7845f8f8fb73d701ea39a2833537e04bb2cce93ff147bb7bf23bbb9c4daba59a59520dc4e4a0c

  • SSDEEP

    6144:6BxIK3CTW8TMjp41u6nyHwnZgBalKNNY7/r5ukesPBRS5LVLDf5wkE68lJ:CxIK9V14ImyHYU6//5uURS515wkK

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3838289958840a4332ba24e875ebbdb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\3838289958840a4332ba24e875ebbdb0N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3468
    • C:\ProgramData\dscpab.exe
      "C:\ProgramData\dscpab.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:4804

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Documents and Settings .exe
    Filesize

    410KB

    MD5

    08f37d0d178fd7bc98bd079647653725

    SHA1

    f75d77e52a756b8f8895117d25206729176c85e9

    SHA256

    dd7bbd14e219f05c3a18c8e9b2b384ef3ee2b968226a9dfa4a9f22b709f7c016

    SHA512

    42eae6c25fda1eba7c183d76120147061e428f49da112efb6ec9e39801236cfa3e3a6778182c684decd6eeda8a3992aed809ec592bc7eb60fd7ab914f231d2cc

    Download Submit

  • C:\ProgramData\Saaaalamm\Mira.h
    Filesize

    150KB

    MD5

    aef10b9ba25f907727558514f2dfbab0

    SHA1

    d67383ef1b23d4da72339d66de9541c2e1efaf53

    SHA256

    f5e77ddc706f6dffe056dc2f8a88adece36e0e4552bc70a85f36b1e01fe547ad

    SHA512

    5e607a70ca3fa489897f8df0c96570709839364cd8cabd5f76386dfff01ca2986d50c120cf82926dff950c7d7b6ec833ea7558b64ec8f0dfe2e5070abf1da103

    Download Submit

  • C:\ProgramData\dscpab.exe
    Filesize

    259KB

    MD5

    8f892235aba18fc1f2f644820bbeaf8f

    SHA1

    2b7f92f3a619dc981bca4410c8babaaee2fca777

    SHA256

    a125099a25105720c24d2e68a1f8c944c4abe95c282e5602dd09bb2f22f0e582

    SHA512

    46d6eae53f695b25ab76986ab1fd40b03456c64e61dec286828fd6bcd01d5c468dfae27f1e2796610378a78e001f3e9979ccfb69652181060ad2bac4e65749a3

    Download Submit

  • memory/3468-0-0x0000000000400000-0x000000000047C000-memory.dmp

    Filesize

    496KB

    Download

  • memory/3468-1-0x0000000000400000-0x000000000047C000-memory.dmp

    Filesize

    496KB

    Download

  • memory/3468-9-0x0000000000400000-0x000000000047C000-memory.dmp

    Filesize

    496KB

    Download

  • memory/4804-130-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download