Analysis

  • max time kernel
    120s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/08/2024, 07:27

General

  • Target

    6aebfb5f5633404634d1d1ffaa962820N.exe

  • Size

    29KB

  • MD5

    6aebfb5f5633404634d1d1ffaa962820

  • SHA1

    1c6fd52fc7726d4c7ac1597ed59874ffb3d2268f

  • SHA256

    4f844ecae6ec1799c6dfd917f8da5f19fb863ed842a01e34a18db32147e04bf0

  • SHA512

    2c385765be5df80b426029a31d16c52d0b5925b122e582f3cb706ce38e6a4ddc5cdf17dd6767b574d561d6b1cf880016fae1b5781dd413aefba19ebd0003284e

  • SSDEEP

    384:v/4LNJY74JwOllSBQmrb0i5PrmqHIKpa54b5f0iws0wGXeE:v/qSamrxDmqoKM4Z0iwtwAZ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6aebfb5f5633404634d1d1ffaa962820N.exe
    "C:\Users\Admin\AppData\Local\Temp\6aebfb5f5633404634d1d1ffaa962820N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:232
    • C:\Users\Admin\AppData\Local\Temp\2024080307.exe
      C:\Users\Admin\AppData\Local\Temp\2024080307.exe down
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:3152
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\del.bat
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2220

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\2024080307.exe

    Filesize

    29KB

    MD5

    c7a3d1880d6a0a1a6ece4d9d3fcaa821

    SHA1

    72bf7deb94e59288b4a89b0abb7e4ab34a301b98

    SHA256

    cdc8e0d9e3decf1b073fad1e0b1b8c5f588e50fa18b55dba0e6e5dc49b770390

    SHA512

    e7ca99ba3f8325bcdc698a4d260590d9fd814ab8333084081a8e049b5b486dab26644b0525941d24140d47857f4508e1f1ae30bdfcb9240a67d9e573c44cdbf8

  • C:\Users\Admin\AppData\Local\Temp\del.bat

    Filesize

    174B

    MD5

    85865696552da793a4c8ed52ab95a174

    SHA1

    f9a5acccda63787541dad36ecf2a5ee9f304c90a

    SHA256

    b414467bd4a7043f2c4debda871dbe549eb129d3b180158aa4a32be22c00e53f

    SHA512

    cae0f8a9fb082898b444283627cd8bd546acfaaf241278a7f6ba5e172de25e0f0b003bd51c0a712884e737fdce500d76516fb882589b1d7028acc238d209f07b

  • memory/3152-14-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB