Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    240s
  • max time network
    242s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    07/08/2024, 02:04

General

  • Target

    GBgvQcZI.exe

  • Size

    5.4MB

  • MD5

    44a4d63d84c1994a941860fdf0a10aae

  • SHA1

    0150f8f5bda824262045c0527fde43a7907769a9

  • SHA256

    ef4b5c68a718ac34a957ada64a366868b7a609887208634d46e5ad75a8c70bdc

  • SHA512

    91c7a98e242791fab3d387d7df2a41e9880ef5a4038324222e095f894b68530cad1cba17a195f7a4c5aff32162368c54c60a11afa567699807df630a35d92276

  • SSDEEP

    98304:CuWti1XTyinOyRivbmBoPhvTdhnstbgjO2rXftnFO8KDTkecARNFh/B:C9gTyZyRcbsoPZm8fO8skec2h5

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\GBgvQcZI.exe
    "C:\Users\Admin\AppData\Local\Temp\GBgvQcZI.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1712
    • C:\Users\Admin\AppData\Local\Temp\bhUYOqb.exe
      "C:\Users\Admin\AppData\Local\Temp\bhUYOqb.exe"
      2⤵
      • Executes dropped EXE
      PID:2452

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\bhUYOqb.exe

    Filesize

    125KB

    MD5

    4672adb9826ab075ef62f2739cfd64dd

    SHA1

    501581229a209a6b44c999a56916d5bf182ed29a

    SHA256

    2b9901eb640caec6a590be613800396ec132689c66de2be128915ee86c4c9367

    SHA512

    f165dd7c13af6adc195bbff34b2daa5c7f156eac04672d583161c31d6191bd07f762a612adc08cf44a8f8284133505de207d79a083163421a1b26717225aa207