Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

44d6fb7802...0N.exe

windows7-x64

7

44d6fb7802...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/08/2024, 03:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    44d6fb7802ef1b75c5dea87e53b607a0N.exe

  • Size

    74KB

  • MD5

    44d6fb7802ef1b75c5dea87e53b607a0

  • SHA1

    0d56b6c5065ed5623d9a6991c2271b967c367376

  • SHA256

    a3f12562af7e4591238c2549829c5e408a163773423acb4fa9da6aae888aaf13

  • SHA512

    532cdbbd2f7e92ce9a1db9aa7f14ae7a8ee83673417575692474964909637d503d2ae50732e7d83de623997645090ca85d7cfe1d7156da1ddaa277560dc88425

  • SSDEEP

    1536:86RAo0ej2d6rnJwwvlNlIUBvsI7hrhEh9cpDN/qhAvP3OChhW4dI0h4HCIzhUvTH:xAo1lOwvlNlXBvsI7hrhEh9cpDN/qhA5

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\44d6fb7802ef1b75c5dea87e53b607a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44d6fb7802ef1b75c5dea87e53b607a0N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3676
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      PID:3180

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    74KB

    MD5

    a15a00cd0afd9d1f4ef8a14a85dc0364

    SHA1

    bb13c01c3bd3b1818237d23655dc8400ee18896c

    SHA256

    22c614566e3f6f4ee26ec154a805128c555e5577f1be93b45bfa327f105ec99d

    SHA512

    a62daeec96ab34acb1b9c91557f24fabe14dcc94c9d3d82709a996b3ecceb30818a427dc73ad739fb2536cdd5157af00b845fd60bbad2d1b9485d3df05e882c6

    Download Submit

  • memory/3180-5-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/3180-7-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/3676-0-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/3676-6-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download