Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

PowerTCP_S...al.exe

windows7-x64

7

PowerTCP_S...al.exe

windows10-2004-x64

7

keygen.exe

windows7-x64

3

keygen.exe

windows10-2004-x64

3

非常世�...��.url

windows7-x64

1

非常世�...��.url

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    10/08/2024, 11:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PowerTCP_Server_ActiveX_Trial.exe

  • Size

    4.0MB

  • MD5

    963645e1e85aa8cb7947fea49bdf7d54

  • SHA1

    7d220c6b33ca0d96bb687824eaeb5e05c6b40066

  • SHA256

    f4eae00462100cca565ea5280ddec2fb3f4a580d6a94ad8c8126b3fae208ac52

  • SHA512

    b2f9423ac77362bb8c276b867d85ef7fc628d44b6a393f97ea65d3eeb0bda436019c952d9396716d01ce6e5ecabacede7a891c2fe08561718d2c3a7fe76abde2

  • SSDEEP

    98304:LQ8qB8H3xSQLb3cbsB/lZh2pXyQ3svNDiKBNHQEiSD3F7x8j4H:LQZBQSQLb3c4B/52pXB3spi8FaUH

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PowerTCP_Server_ActiveX_Trial.exe
    "C:\Users\Admin\AppData\Local\Temp\PowerTCP_Server_ActiveX_Trial.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2536
    • C:\Users\Admin\AppData\Local\Temp\GLBCBC7.tmp
      C:\Users\Admin\AppData\Local\Temp\GLBCBC7.tmp 4736 C:\Users\Admin\AppData\Local\Temp\POWERT~1.EXE
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      PID:756

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\GLBCBC7.tmp
    Filesize

    70KB

    MD5

    13746e1c94ef9c45ac53ebf543758ed9

    SHA1

    c9db7b17969f2c73fcc8967299558b37460440f2

    SHA256

    18597a7735ee61f08dd128ac9358690be620e4ece33492d6edd18ee2ebddf9c8

    SHA512

    8ec9503d384c5de1a18f95515ff7964f789ae686383d72d5ad47b6734df9f219ae9dd746f790097a4b06d8720b932fabac8edb3ea5f6d67a98575981869e731c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\GLCCBE7.tmp
    Filesize

    150KB

    MD5

    f3b9bfed127ffc97f63cd8c7ce8bc1a9

    SHA1

    468425842e3a29a4de6adb03652f02fdafd9fc82

    SHA256

    9acc324586a37cfa6f862439cfea45acd1378b4880b831cf5cca71389e0c5582

    SHA512

    671828ffce8660e3326f63f4e6a80941bbacfaa13ded2d58e6ffeacf9501ee66683b70fa4a100bfe7d24aea6fee8c3eda0e9a6c5ecdd792f6febb1981be030ff

    Download Submit

  • \Users\Admin\AppData\Local\Temp\GLFD7AE.tmp
    Filesize

    9KB

    MD5

    0ce392cdcf8714d0b32cb619d8eb5fb1

    SHA1

    d26f89db5b09c2c990ebc9e8314af7f510299189

    SHA256

    5f1957ed9d0632ef3225709584ea44d001d579cbcb5ea7ba87384c16fdd18604

    SHA512

    08039808cfe58643ba732869e98979455663618b436a2fed134c1ca937365ddce0d5b40258a257783ab32a800a1667cc88118d49dc9ff52d59de0fccc6d498dd

    Download Submit

  • \Users\Admin\AppData\Local\Temp\GLKCDFB.tmp
    Filesize

    44KB

    MD5

    03a537a2be784dbb334a559347587a8d

    SHA1

    2bc6ac78a7928468584b38c49fc8191cdf7cd7b8

    SHA256

    791cbaf92b019d23967483cf97ae1b261754ba1d18ada81d01c50f4dc1e97ac5

    SHA512

    527eb7bd1ba88dd5c59c65e65a4485cf5524c64c011afad17c81faacab9b9aed32fc25da8fb54582ff828f788e43303b846fb236a3b97f8c29a977b23c154037

    Download Submit