Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

3bfba52c10...0N.exe

windows7-x64

7

3bfba52c10...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/08/2024, 01:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3bfba52c10e795c749209d9d19d0f480N.exe

  • Size

    438KB

  • MD5

    3bfba52c10e795c749209d9d19d0f480

  • SHA1

    315edcbf95e4527349d91b4dc80b98176ab86dba

  • SHA256

    724c5cb8c170ae335736e7dbede394a7cbe2b869c8050bedfa911f71244b0d17

  • SHA512

    c22daeef136f8e7a7e08bf86efff2e46583dae33165dab9feab1bff8c243b940e82fc0066a4df8f1a8aea8f6eecbbc48d6b2113fa915b02f42ab367a6946287a

  • SSDEEP

    3072:LmVW8iTX/3Rfl8Xq1+0cxxsWEL02fXcIp08Moe9DESZLog+qaHo85a:SM7jJljxYTHYZM1vb+TI/

Score
7/10
discoverypersistenceupx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 33 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\3bfba52c10e795c749209d9d19d0f480N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bfba52c10e795c749209d9d19d0f480N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    PID:844

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\macromd\AIM Account Hacker.exe
    Filesize

    89KB

    MD5

    ba7d332cd0733291eccc85d1dc26a786

    SHA1

    a54468a9d041ad1467069166a7ac3e90f15fd741

    SHA256

    98dd0a0e0e16adcea5cdcb90763648015ae3076189be0c5335a7187300688b2a

    SHA512

    014a19bc5fcd9d079612bcc9fd5d828a11a789c7431b61d539a19cc7f1ae28c36f0a27d4ef6460bc15fd1761a08912914cc9650ad403027ec1d641f0a96fa1bd

    Download Submit

  • memory/844-0-0x0000000000400000-0x0000000000468000-memory.dmp

    Filesize

    416KB

    Download

  • memory/844-34-0x0000000000400000-0x0000000000468000-memory.dmp

    Filesize

    416KB

    Download