Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Mountain.exe

windows10-1703-x64

10

Mountain.exe

windows7-x64

7

Mountain.exe

windows10-2004-x64

9

Mountain.exe

windows11-21h2-x64

9

Mountain.exe

android-10-x64

Mountain.exe

android-11-x64

Mountain.exe

android-13-x64

Mountain.exe

android-9-x86

Mountain.exe

macos-10.15-amd64

4

Mountain.exe

macos-10.15-amd64

1

Mountain.exe

debian-12-armhf

Mountain.exe

debian-12-mipsel

Mountain.exe

debian-9-armhf

Mountain.exe

debian-9-mips

Mountain.exe

debian-9-mipsel

Mountain.exe

ubuntu-18.04-amd64

Mountain.exe

ubuntu-20.04-amd64

Mountain.exe

ubuntu-22.04-amd64

Mountain.exe

ubuntu-24.04-amd64

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    08/08/2024, 21:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Mountain.exe

  • Size

    8.2MB

  • MD5

    1dd5fbdd730bb9846d82c3eb08041a45

  • SHA1

    52f9af7bfe8d4e012272c4e65c7f51874f19c60e

  • SHA256

    b2626227ff600eed409e4fe32e7abaa96770c7adab72dccd5ec3dee0da0ecfe9

  • SHA512

    d61c46f39c224c3faa726083648190de6d20a8cb50e1cb0f7a6699bbf2ef5149808c1105b73c0cfd1b10e30c745a09b3018661ef226e02a1bce367f92a83eac8

  • SSDEEP

    196608:kr48PmdNLjv+bhqNVoB0SEsucQZ41JBzp0IM11tp:T8P21L+9qz80SJHQK1Jlpe1vp

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Mountain.exe
    "C:\Users\Admin\AppData\Local\Temp\Mountain.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2956
    • C:\Users\Admin\AppData\Local\Temp\Mountain.exe
      "C:\Users\Admin\AppData\Local\Temp\Mountain.exe"
      2⤵
      • Loads dropped DLL
      PID:2700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI29562\api-ms-win-core-file-l1-2-0.dll
    Filesize

    20KB

    MD5

    b5060343583e6be3b3de33ccd40398e0

    SHA1

    5b33b8db5d6cfb0e8a5bb7f209df2c6191b02edb

    SHA256

    27878021c6d48fb669f1822821b5934f5a2904740bebb340b6849e7635490cb7

    SHA512

    86610edc05aa1b756c87160f9eefe9365e3f712c5bed18c8feca3cae12aef07ccc44c45c4be19dc8f9d337a6f6709b260c89019a5efcfe9fa0847d85ab64d282

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI29562\api-ms-win-core-file-l2-1-0.dll
    Filesize

    20KB

    MD5

    2e8995e2320e313545c3ddb5c71dc232

    SHA1

    45d079a704bec060a15f8eba3eab22ac5cf756c6

    SHA256

    c55eb043454ac2d460f86ea26f934ecb16bdb1d05294c168193a05090bf1c56c

    SHA512

    19adcc5dd98f30b4eebefe344e1939c93c284c802043ea3ac22654cf2e23692f868a00a482c9be1b1e88089a5031fa81a3f1165175224309828bd28ee12f2d49

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI29562\api-ms-win-core-localization-l1-2-0.dll
    Filesize

    22KB

    MD5

    54d2f426bc91ecf321908d133b069b20

    SHA1

    78892ea2873091f016daa87d2c0070b6c917131f

    SHA256

    646b28a20208be68439d73efa21be59e12ed0a5fe9e63e5d3057ca7b84bc6641

    SHA512

    6b1b095d5e3cc3d5909ebda4846568234b9bc43784919731dd906b6fa62aa1fdf723ac0d18bca75d74616e2c54c82d1402cc8529d75cb1d7744f91622ac4ec06

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI29562\api-ms-win-core-processthreads-l1-1-1.dll
    Filesize

    20KB

    MD5

    d1b3cc23127884d9eff1940f5b98e7aa

    SHA1

    d1b108e9fce8fba1c648afaad458050165502878

    SHA256

    51a73fbfa2afe5e45962031618ec347aaa0857b11f3cf273f4c218354bfe70cb

    SHA512

    ee5e0d546190e8ba9884ab887d11bb18fc71d3878983b544cd9ab80b6dd18ad65e66fe49fe0f4b92cbc51992fb1c39de091cf789159625341a03f4911b968fa2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI29562\api-ms-win-core-timezone-l1-1-0.dll
    Filesize

    20KB

    MD5

    36165a5050672b7b0e04cb1f3d7b1b8f

    SHA1

    ef17c4622f41ef217a16078e8135acd4e2cf9443

    SHA256

    d7ab47157bff1b2347e7ae945517b4fc256425939ba7b6288ff85a51931568a7

    SHA512

    da360ff716bb66dd1adb5d86866b4b81b08a6fe86362fded05430f833a96934ccdada1b3081b55766a4a30c16d0d62aa1715b8839ea5c405a40d9911715dae68

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI29562\python311.dll
    Filesize

    1.6MB

    MD5

    76eb1ad615ba6600ce747bf1acde6679

    SHA1

    d3e1318077217372653be3947635b93df68156a4

    SHA256

    30be871735591ad96bc3fc7e541cdef474366159c2f7443feb30739cbd2db7e1

    SHA512

    2b960e74dd73f61d6a44fef0de9f2d50bcf2ec856b7aa5b97f0107e3cdadea461790760668a67db2ecaf71ff323133ee39ce2b38aafff3629c14e736d6a64aeb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI29562\ucrtbase.dll
    Filesize

    1002KB

    MD5

    298e85be72551d0cdd9ed650587cfdc6

    SHA1

    5a82bcc324fb28a5147b4e879b937fb8a56b760c

    SHA256

    eb89af5911a60d892a685181c397d32b72c61dc2ad77dd45b8cac0fbb7602b84

    SHA512

    3fafea5ff0d0b4e07f6354c37b367ada4da1b607186690c732364518a93c3fd2f5004014c9c3d23dde28db87d1cb9ae1259cda68b9ba757db59a59d387ac4e02

    Download Submit

  • memory/2700-74-0x000007FEF5F60000-0x000007FEF654E000-memory.dmp

    Filesize

    5.9MB

    Download