Analysis

  • max time kernel
    141s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/08/2024, 19:00

General

  • Target

    168cd6fc355f8f629e8466375cf103eefe38193fa10908b39266aef9023436c9.exe

  • Size

    7.0MB

  • MD5

    9f45622774c7d19b96b520b37dc56055

  • SHA1

    b33b3bf504155b47efa9a9f44dff88c2df03a6d2

  • SHA256

    168cd6fc355f8f629e8466375cf103eefe38193fa10908b39266aef9023436c9

  • SHA512

    f60523676f18ee42633fce9e40dd3e4ff8d2b1f855a9016c0c20023491424aa091a538022a938fba43ef7935c24d3384e8b7a713427ba71f0ae3ae206409defc

  • SSDEEP

    98304:emhd1Uryey4MhYILo/erQMLeZrDV7wQqZUha5jtSyZIUbn:elfm8V92QbaZtliK

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\168cd6fc355f8f629e8466375cf103eefe38193fa10908b39266aef9023436c9.exe
    "C:\Users\Admin\AppData\Local\Temp\168cd6fc355f8f629e8466375cf103eefe38193fa10908b39266aef9023436c9.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4408
    • C:\Users\Admin\AppData\Local\Temp\8ED2.tmp
      "C:\Users\Admin\AppData\Local\Temp\8ED2.tmp" --splashC:\Users\Admin\AppData\Local\Temp\168cd6fc355f8f629e8466375cf103eefe38193fa10908b39266aef9023436c9.exe CFA41273D38A0520103D3B14E92B6E159ADA98A00873CFE79031C2AEFD1488F932CFD4346970CC9B3CFBDF214E219DD236C7EB2A6C4AB5118A60E3E147EF4FDC
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:3892

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\8ED2.tmp

    Filesize

    7.0MB

    MD5

    00b775694eb82bc6730d3caece5581bf

    SHA1

    77fe7c694c621ac0e4d59b5c53521de480e55006

    SHA256

    d02fc7ab7f06e8e961bb2f9119a6ff118296859b7c6f75bb759f02f020ca6ce3

    SHA512

    bb434664500a4eb1ae563c9bf5e211e7ca8cc6a368eac88278edbb2b309352d7c39c6a975dd39f4079aa85219fdab81c6943ba7ee6fa3962e5a19904d33992e2

  • memory/3892-5-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

  • memory/4408-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB