Analysis
  max time kernel: 140s
  max time network: 121s
  platform: windows7_x64
  resource: win7-20240708-en
  resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  submitted: 11/08/2024, 01:51
Behavioral tasks
  behavioral1: sample 155ɫվ.url, resource win7-20240708-en
  behavioral2: sample 155ɫվ.url, resource win10v2004-20240802-en
  behavioral3: sample HiDownloadPlatinum.exe, resource win7-20240708-en
  behavioral4: sample HiDownloadPlatinum.exe, resource win10v2004-20240802-en
  behavioral5: sample keygen.exe, resource win7-20240704-en
General
  Target: HiDownloadPlatinum.exe
  Size: 3.9MB
  MD5: 061ca0f4ac437ea0a3f13367d006a6ab
  SHA1: ccbb73a78ea4e170cb15b568a7f10b1986c416fe
  SHA256: 57f7c933f35c6efcf1f6d04aefde944f533a2bbb761d44312125dbb520faafc5
  SHA512: 12579c76951a8963ae38cfef13afb56f496f8e76779c4f3b099bb0ef034e8ed4382e2853ef0c7d47186e69f3ae50b76335ddb456f99daa21d268cf17327315ed
  SSDEEP: 98304:QNTUFzBYhFHzQdOfFYIZ3XJlQKy9bMA93:YON+JQdeVp5lQKK93
Malware Config
Signatures
  Executes dropped EXE (1 IoC)
    pid 2584  process HiDownloadPlatinum.tmp
  Loads dropped DLL (3 IoCs)
    pid 2400  process HiDownloadPlatinum.exe
    pid 2584  process HiDownloadPlatinum.tmp
    pid 2584  process HiDownloadPlatinum.tmp
  System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)
    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
    description: Key opened  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  process: HiDownloadPlatinum.exe
    description: Key opened  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  process: HiDownloadPlatinum.tmp
  Suspicious behavior: GetForegroundWindowSpam (1 IoC)
    pid 2584  process HiDownloadPlatinum.tmp
  Suspicious use of WriteProcessMemory (7 IoCs)
    description: PID 2400 wrote to memory of 2584  pid 2400  process HiDownloadPlatinum.exe  procid_target 30
    description: PID 2400 wrote to memory of 2584  pid 2400  process HiDownloadPlatinum.exe  procid_target 30
    description: PID 2400 wrote to memory of 2584  pid 2400  process HiDownloadPlatinum.exe  procid_target 30
    description: PID 2400 wrote to memory of 2584  pid 2400  process HiDownloadPlatinum.exe  procid_target 30
    description: PID 2400 wrote to memory of 2584  pid 2400  process HiDownloadPlatinum.exe  procid_target 30
    description: PID 2400 wrote to memory of 2584  pid 2400  process HiDownloadPlatinum.exe  procid_target 30
    description: PID 2400 wrote to memory of 2584  pid 2400  process HiDownloadPlatinum.exe  procid_target 30
Processes
  1. C:\Users\Admin\AppData\Local\Temp\HiDownloadPlatinum.exe
     command line: "C:\Users\Admin\AppData\Local\Temp\HiDownloadPlatinum.exe"
     PID: 2400
     - Loads dropped DLL
     - System Location Discovery: System Language Discovery
     - Suspicious use of WriteProcessMemory
     2. C:\Users\Admin\AppData\Local\Temp\is-F2M4O.tmp\HiDownloadPlatinum.tmp (child of PID 2400)
        command line: "C:\Users\Admin\AppData\Local\Temp\is-F2M4O.tmp\HiDownloadPlatinum.tmp" /SL5="$40150,3769370,54272,C:\Users\Admin\AppData\Local\Temp\HiDownloadPlatinum.exe"
        PID: 2584
        - Executes dropped EXE
        - Loads dropped DLL
        - System Location Discovery: System Language Discovery
        - Suspicious behavior: GetForegroundWindowSpam
Network
MITRE ATT&CK Enterprise v15
Downloads
  File 1
    Filesize: 22KB
    MD5: 92dc6ef532fbb4a5c3201469a5b5eb63
    SHA1: 3e89ff837147c16b4e41c30d6c796374e0b8e62c
    SHA256: 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
    SHA512: 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3
  File 2
    Filesize: 687KB
    MD5: 8f144bcbcad0417e7823dd8e60218530
    SHA1: 9df092a764b8ad278ed574f00d1c065683eef6ac
    SHA256: 39dfa032878743bba8244c73173c263e669131f0084a38f22c52b1383f627ba0
    SHA512: e093f69030fee17d8b55bde8337d409e8dfb583c97a81ed37425fb72122318d4c1f996d0d1bca28f24182ff5c8afe2be25eadc27951463ddca5c0abceca2a72d