Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    24s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    10/08/2024, 21:52

General

  • Target

    58b1f237a3e815dc907cba9682543d1e4c6ddb3b05df16cef89a584a0c0761dd.exe

  • Size

    246KB

  • MD5

    d7a82d875706d57720b3a35ea797290d

  • SHA1

    9dbc048de8ea29ab951b08341fd141dcd317f78f

  • SHA256

    58b1f237a3e815dc907cba9682543d1e4c6ddb3b05df16cef89a584a0c0761dd

  • SHA512

    f8ecd8c34a84448291d99f0135811da9dedeb7aea6a25db19aa98ce6b4f9366959a57409f4549bb7d93678d6a4d35657822725227741b9e3d289b4526bfae2d8

  • SSDEEP

    6144:FMooVQnnOBccnskYPmTpUxrr1XRA7WHxWoN+J0EafCUSYibN6WG8M:+QnO/s1mTpG5bUo4bafVibv3M

Score
7/10

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Gathers system information 1 TTPs 1 IoCs

    Runs systeminfo.exe.

  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\58b1f237a3e815dc907cba9682543d1e4c6ddb3b05df16cef89a584a0c0761dd.exe
    "C:\Users\Admin\AppData\Local\Temp\58b1f237a3e815dc907cba9682543d1e4c6ddb3b05df16cef89a584a0c0761dd.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3012
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c systeminfo>>C:\Windows\temp\setup_gitlog.txt&ping 8.8.8.8>>C:\Windows\temp\setup_gitlog.txt
      2⤵
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      • Suspicious use of WriteProcessMemory
      PID:652
      • C:\Windows\SysWOW64\systeminfo.exe
        systeminfo
        3⤵
        • System Location Discovery: System Language Discovery
        • Gathers system information
        PID:2740
      • C:\Windows\SysWOW64\PING.EXE
        ping 8.8.8.8
        3⤵
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Internet Connection Discovery
        • Runs ping.exe
        PID:2776

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\temp\setup_gitlog.txt

    Filesize

    33B

    MD5

    346bbdef8e66561ce4c33013160d7c75

    SHA1

    023e40d5eb04b2d7e8346ea0c9a62b05d372abec

    SHA256

    ce357dc9d96cbb6933f7895d5fee9052b72733c2db9fc32b1555761b1bd0c277

    SHA512

    f2fd0412846455ee0f47f9e88192ea4c6ee60c3118be40a44c9b626566652ed46b1c3a0708a7ec6feba7a9cafc61091a2a1c6cb864a99a081bb842625040594f

  • memory/3012-2-0x0000000000400000-0x0000000001C5B000-memory.dmp

    Filesize

    24.4MB

  • memory/3012-1-0x0000000000400000-0x0000000001C5B000-memory.dmp

    Filesize

    24.4MB

  • memory/3012-6-0x0000000000400000-0x0000000001C5B000-memory.dmp

    Filesize

    24.4MB