Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 13s
max time network: 19s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 03/08/2024, 04:19
Static task: static1
Behavioral task: behavioral1
Sample: OperaGXSetup (1).exe
Resource: win7-20240704-en
General
Target: OperaGXSetup (1).exe
Size: 3.1MB
MD5: 3ff24a81ae3cfe0f5bad2904240743d8
SHA1: 503599a23b1a77f7cd0e155791db2ef8acdcce37
SHA256: c6dc697b68f4744bfd38cfd8f62e179fd236ecbbcb7e7555fdabd2d30dac9f73
SHA512: 1e9cf2a7371546d25180c1be3059b2f90f1018104b55214a83ea25b633a90151a80140bb6c7d18fd98501c0ee79865d8d6b68f3df7d8ea597bd0c92861d0fd41
SSDEEP: 49152:eNEyYYC1hqiJckG38dBFOhg5/6qF3rjb/h4CNcTCP8xphzSNtOSe+aSc:UEP1y3+0hgh6u/ZcTCP8BzONaSc
Malware Config
Signatures
Executes dropped EXE (1 IoCs)
  pid: 2188, Process: setup.exe
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened, ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language, Process: OperaGXSetup (1).exe
Processes
1. OperaGXSetup (1).exe
   Path: C:\Users\Admin\AppData\Local\Temp\OperaGXSetup (1).exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\OperaGXSetup (1).exe"
   Signatures: System Location Discovery: System Language Discovery
   PID: 2288
   2. setup.exe (child of 1)
      Path: C:\Users\Admin\AppData\Local\Temp\7zS0F897FC7\setup.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\7zS0F897FC7\setup.exe --server-tracking-blob=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
      Signatures: Executes dropped EXE
      PID: 2188
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 6.4MB
MD5: 241331bede4cd250aeead156de3225c0
SHA1: 4e6ebbfda62706203c7f3016d136560854841358
SHA256: b476f1c8521db36255a862af284f462eef77c4fd5233adb002137af7835f5e86
SHA512: 9eb8f3970645315c73e80cea2af9364d8aa68d4e3383cdf21dd0393fc74857538639793e995a66b6bd58f086738981ffc364a06b23b129fab380d0e59532d712