Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

4f133082e8...83.exe

windows7-x64

7

4f133082e8...83.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    09/08/2024, 21:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4f133082e86ac65697cdc19ac8749ab19842f7fbad672e5d90e7c64fbc22df83.exe

  • Size

    1.5MB

  • MD5

    d3b4e6ef8b64de734755d2c7bbcaf0db

  • SHA1

    9ca08c6f013958f9629912355b6a2d7c7424ae12

  • SHA256

    4f133082e86ac65697cdc19ac8749ab19842f7fbad672e5d90e7c64fbc22df83

  • SHA512

    ead67625b9d7f32ce3f018347e6ecf3de2c11108a02f6c4b4427f03eab5dbb61ff87c31522f25b3643a002a75c125f27456a8188cbabdcd4dfb0d653ae8cd692

  • SSDEEP

    49152:lrq0R07QQmys87XEukexVJVUxDmwaAjwI:hq0+7Y8rEu5PJ6tmwnwI

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4f133082e86ac65697cdc19ac8749ab19842f7fbad672e5d90e7c64fbc22df83.exe
    "C:\Users\Admin\AppData\Local\Temp\4f133082e86ac65697cdc19ac8749ab19842f7fbad672e5d90e7c64fbc22df83.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2852
    • C:\Users\Admin\AppData\Local\Temp\6307.tmp
      "C:\Users\Admin\AppData\Local\Temp\6307.tmp" --pingC:\Users\Admin\AppData\Local\Temp\4f133082e86ac65697cdc19ac8749ab19842f7fbad672e5d90e7c64fbc22df83.exe 54D866124F6D8FEB43DD02ED302BDEE0A34985B630DE0EE35C25BEB478731F8C2DAB75AEB53D138790E45B96F4A8E6764C92C8A2F4FB682A70B7F0162E3330D1
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      PID:2704

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\6307.tmp
    Filesize

    1.5MB

    MD5

    841de863648693dcb6bf2d753073e100

    SHA1

    0e15c6fc8522e6c172a2bf6c9c82413183452a35

    SHA256

    e5c20347a17ae009e392fe6ba474afc6565f2f83eb74dc058bdbff253dd550a8

    SHA512

    3967ab365df819329ccf85e9136cc707df6d32d0be9cbec408fbd5b5ec2bad77e0a518d194f55acdc7686801b2043ac99b4d08ab11cbb212b178c43dc2712d1e

    Download Submit

  • memory/2704-9-0x00000000013B0000-0x000000000157E000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2704-10-0x0000000000310000-0x000000000038A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/2852-0-0x0000000000180000-0x00000000001FA000-memory.dmp

    Filesize

    488KB

    Download

  • memory/2852-1-0x0000000000210000-0x00000000003DE000-memory.dmp

    Filesize

    1.8MB

    Download