Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

532c81a2fb...0N.exe

windows7-x64

7

532c81a2fb...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/08/2024, 03:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    532c81a2fbc19deb15cfca62be2c7f00N.exe

  • Size

    511KB

  • MD5

    532c81a2fbc19deb15cfca62be2c7f00

  • SHA1

    d48745beb4f4d6d89fa5b20cb7dc51b79a4b3f31

  • SHA256

    4832101d2927f85e490292636eea03804151bb3893b112f7326d8069ac599e6f

  • SHA512

    64c87222c970b509c72d43853bcd3e826bbe2265503acc12445c9aab490fcd10f78abe3be2601ae5aaa6a20d76a9934e25ea92c2f26fb35412c6a98da0cbb984

  • SSDEEP

    12288:H1/aGLDCMNpNAkoSzZWD8ayX2MQCw7D08Jo5:H1/aGLDCM4D8ayGMb5

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\532c81a2fbc19deb15cfca62be2c7f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\532c81a2fbc19deb15cfca62be2c7f00N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1240
    • C:\ProgramData\djtes.exe
      "C:\ProgramData\djtes.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:1948

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\DDF.sys .exe
    Filesize

    511KB

    MD5

    7738ec525af682a76436dfa930dd743a

    SHA1

    d7d1b32a0f0cf6c298e624cb79699b0c0e021525

    SHA256

    792fa37f8210a84403e38e78af1a2bb3fc9391843201e3109c7c9a3a582ca91f

    SHA512

    89852fe07f01bb59b93b5fb5b726999ea0b5a06fc2fdb91574e3ffc4193a16ec3ff0100a8e860376bc776f89c3aad5eb2b408ecb0e842a0de614fc00aec9f02e

    Download Submit

  • C:\ProgramData\Saaaalamm\Mira.h
    Filesize

    255KB

    MD5

    f351898b5ba2d709e4d73d3160071029

    SHA1

    5bddf9621650635913bea3f15cb0f7108a09079e

    SHA256

    22972cfc5b13ea8cedef1adca83358f89fea716b3e775bd70553ed44ef04e668

    SHA512

    c9c680f93577ca853d9db3d9b84d16a43c1986c95d3bfc4ff3bbbafaa585cf6ee6ada6da6e86cea529e817f39e4e98d78c1ad99069aa417514ef5bab735ccf88

    Download Submit

  • C:\ProgramData\djtes.exe
    Filesize

    256KB

    MD5

    bdf66f6afa5b7620acaadbc9c61432bc

    SHA1

    b78ab12dd07c17c19a8b86140e2ce843ffaa6190

    SHA256

    2cc151a6ef226842e192606d080a22fd1f4b9b1d6d42e6c8c83ba562ab8b4134

    SHA512

    a7bfa1d088bab4041e5dbd369e25ddaa5731630d4adba6282e38845bd1b330becf33502750b5725cc8f184361d4810efec276bb670a3d00355190eff26799902

    Download Submit

  • memory/1240-7-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1948-130-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download