Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

4f133082e8...83.exe

windows7-x64

7

4f133082e8...83.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/08/2024, 21:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4f133082e86ac65697cdc19ac8749ab19842f7fbad672e5d90e7c64fbc22df83.exe

  • Size

    1.5MB

  • MD5

    d3b4e6ef8b64de734755d2c7bbcaf0db

  • SHA1

    9ca08c6f013958f9629912355b6a2d7c7424ae12

  • SHA256

    4f133082e86ac65697cdc19ac8749ab19842f7fbad672e5d90e7c64fbc22df83

  • SHA512

    ead67625b9d7f32ce3f018347e6ecf3de2c11108a02f6c4b4427f03eab5dbb61ff87c31522f25b3643a002a75c125f27456a8188cbabdcd4dfb0d653ae8cd692

  • SSDEEP

    49152:lrq0R07QQmys87XEukexVJVUxDmwaAjwI:hq0+7Y8rEu5PJ6tmwnwI

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4f133082e86ac65697cdc19ac8749ab19842f7fbad672e5d90e7c64fbc22df83.exe
    "C:\Users\Admin\AppData\Local\Temp\4f133082e86ac65697cdc19ac8749ab19842f7fbad672e5d90e7c64fbc22df83.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:5008
    • C:\Users\Admin\AppData\Local\Temp\A7D9.tmp
      "C:\Users\Admin\AppData\Local\Temp\A7D9.tmp" --pingC:\Users\Admin\AppData\Local\Temp\4f133082e86ac65697cdc19ac8749ab19842f7fbad672e5d90e7c64fbc22df83.exe F6C472049026821980D356BC245B7CB7AE3C1718CA9AC02797AFE779B22A1358F8562CD9A36C7A5A1099A1E3B90C9F88E52F37AA2E0A35B6DAECE8F3297C8736
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      PID:1732

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\A7D9.tmp
    Filesize

    1.5MB

    MD5

    09dbb9e5196abb08477182ae69f77a4c

    SHA1

    4cc7cc6151ceb0d093f1af64a2bf95e5d0565817

    SHA256

    723e03981754f9f5c6c01f746bbf5ed4905930e378ce764aa1ea3e358fbf8a0b

    SHA512

    8c773806c49c38a0b865e8929bd2fcbbc4d4ba73f7d155cdbfabdd5c8edca51989a261da382f30dbe9447ef7dad6399059a919a97c2138a72f92d466b4274b40

    Download Submit

  • memory/1732-7-0x0000000000030000-0x00000000001FE000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/5008-0-0x0000000000A90000-0x0000000000C5E000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/5008-2-0x00000000009C0000-0x0000000000A3A000-memory.dmp

    Filesize

    488KB

    Download