Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    121s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/08/2024, 21:26

General

  • Target

    6e19797d7a237e9d130a38f15b926485287c6ce842679aba850725589242c763.exe

  • Size

    94KB

  • MD5

    e89d0d6ba6f99ea0ddcd3cb028c4e74f

  • SHA1

    0c4d37e0947692161c4f162a58feea31d915d34f

  • SHA256

    6e19797d7a237e9d130a38f15b926485287c6ce842679aba850725589242c763

  • SHA512

    3efca72a2dc3fb7d7ad5e48b2ccfa5ce83a00368dd4b1de5c1399ce5df1e542a2167b7e78cec14c9432512e9437a7684a2bc1a6837279205419a38b4d6496325

  • SSDEEP

    1536:Sdyql1M7wIIEuti7rEYivykYkpaWj0OL+G7mJAm/lGAuJMLF4vsnXWkW3H6:SdV1Z1i3QKqSGCJr/lkJ6FQsnv

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6e19797d7a237e9d130a38f15b926485287c6ce842679aba850725589242c763.exe
    "C:\Users\Admin\AppData\Local\Temp\6e19797d7a237e9d130a38f15b926485287c6ce842679aba850725589242c763.exe"
    1⤵
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2484
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\_del.bat
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:2704
  • C:\Windows\SysWOW64\sppsrv.exe
    C:\Windows\SysWOW64\sppsrv.exe
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:2488
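
The chain in the process tree above (dropper writes sppsrv.exe and xpwunp.dat into SysWOW64, sppsrv.exe runs, cmd /c _del.bat removes the dropper) replayed as constructed endpoint telemetry, with three of the report's signatures written out as detection rules. This is an added example, not code from the tria.ge report, the sandbox, or the sample. The event schema, the ordering of events, the dropper's parent PID and the body of _del.bat are assumptions made for the example; the report gives only the batch file's size and hashes, and shows sppsrv.exe at the top level of the tree, so its parent is unknown and is left as 0 here. Paths and PIDs are the ones in the report.

```python
"""Added example: replays the report's process chain as constructed
telemetry and applies "Drops file in System32 directory",
"Executes dropped EXE" and "Deletes itself" as detection rules.
Not part of the tria.ge report; schema, ordering and batch body are assumed."""
import re
from dataclasses import dataclass


@dataclass
class Event:
    kind: str            # "process" (creation) or "file_write"
    pid: int             # acting process
    ppid: int = 0        # parent PID for "process" events (0 = not in trace)
    image: str = ""      # image path for "process" events
    cmdline: str = ""    # command line for "process" events
    path: str = ""       # target path for "file_write" events


DROPPER = (r"C:\Users\Admin\AppData\Local\Temp"
           r"\6e19797d7a237e9d130a38f15b926485287c6ce842679aba850725589242c763.exe")
DEL_BAT = r"C:\Users\Admin\AppData\Local\Temp\_del.bat"
SPPSRV = r"C:\Windows\SysWOW64\sppsrv.exe"

# Constructed trace in the order the sandbox tree implies. sppsrv.exe sits at
# the top level of the report's tree, so its parent is unknown here (ppid 0).
TRACE = [
    Event("process", 2484, 1, DROPPER, f'"{DROPPER}"'),
    Event("file_write", 2484, path=SPPSRV),
    Event("file_write", 2484, path=r"C:\Windows\SysWOW64\xpwunp.dat"),
    Event("file_write", 2484, path=DEL_BAT),
    Event("process", 2488, 0, SPPSRV, SPPSRV),
    Event("process", 2704, 2484, r"C:\Windows\SysWOW64\cmd.exe", f"cmd /c {DEL_BAT}"),
]

# Constructed body for _del.bat (the report gives only its hashes and size);
# the retry loop is the usual shape of a self-delete batch file.
FILE_CONTENTS = {
    DEL_BAT.lower(): (
        ":Repeat\r\n"
        f'del "{DROPPER}"\r\n'
        f'if exist "{DROPPER}" goto Repeat\r\n'
        f'del "{DEL_BAT}"\r\n'
    ),
}

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
BAT_RE = re.compile(r'\bcmd(?:\.exe)?\s+/c\s+"?([^"\s]+\.bat)"?', re.I)


def system_dir_drops(trace):
    """Writes into System32/SysWOW64 by a process whose own image lives elsewhere."""
    procs = {e.pid: e for e in trace if e.kind == "process"}
    hits = []
    for e in trace:
        writer = procs.get(e.pid)
        if e.kind != "file_write" or writer is None:
            continue
        if (e.path.lower().startswith(SYSTEM_DIRS)
                and not writer.image.lower().startswith(SYSTEM_DIRS)):
            hits.append((e.pid, e.path))
    return hits


def dropped_then_executed(trace):
    """Images executed after being written earlier in the same trace.

    Keyed on the file path rather than parent/child links, so it still fires
    when the executing process's parent is outside the trace (as for sppsrv.exe)."""
    written = {}  # lowercased path -> pid that wrote it
    hits = []
    for e in trace:
        if e.kind == "file_write":
            written[e.path.lower()] = e.pid
        elif e.kind == "process" and e.image.lower() in written:
            hits.append((written[e.image.lower()], e.image, e.pid))
    return hits


def self_deletions(trace, contents):
    """cmd /c <x>.bat spawned by P, where the batch file deletes P's own image."""
    procs = {e.pid: e for e in trace if e.kind == "process"}
    hits = []
    for e in trace:
        if e.kind != "process":
            continue
        m = BAT_RE.search(e.cmdline)
        parent = procs.get(e.ppid)
        if not m or parent is None:
            continue
        bat = m.group(1)
        body = contents.get(bat.lower(), "")
        # a "del" line naming the parent's image, quoted or not, any case
        if re.search(r"^\s*del\b.*" + re.escape(parent.image), body, re.I | re.M):
            hits.append((parent.pid, parent.image, bat))
    return hits


if __name__ == "__main__":
    print("Drops file in System32 directory:", system_dir_drops(TRACE))
    print("Executes dropped EXE:", dropped_then_executed(TRACE))
    print("Deletes itself:", self_deletions(TRACE, FILE_CONTENTS))
```

The dropped-EXE rule deliberately does not require sppsrv.exe to be a child of PID 2484: the report's tree does not show that link, and keying on write-then-execute catches the case where the dropped binary is started by a service host or scheduler instead of directly. The self-delete rule needs the batch file's content, which a sandbox has but a process-creation log alone does not; without it, "cmd /c <Temp>\*.bat spawned by a process whose image is also in Temp" is the weaker, log-only form of the same check.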

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_del.bat

    Filesize

    294B

    MD5

    e897199629935eab49a0664af97200d9

    SHA1

    f95bab57b71407bb62b36317dc9be45d27614bda

    SHA256

    8aa061c506113ae2fed651a8265505e0a5e02a804e2422f1e145ceb2830f192b

    SHA512

    f58f5ceb2d73a75500ac5a596de7b28119e0ccf6f9e59c36e59787b4e0afceaf6141ae50801d87007a24b15ca21100afd4c9a30ed44a98f0cd5267fc68d1b55b

  • C:\Windows\SysWOW64\sppsrv.exe

    Filesize

    94KB

    MD5

    65e911dc0d9118c94d02a81cec52e115

    SHA1

    bfa39cdf4ccf0ab9ac2495b7e3b974be3f8b7993

    SHA256

    235f79449ee661c8d69215887aa31dd24cf65bc7ecc6129de7d8f4ab3da72292

    SHA512

    23163eeca7e5c8a1528f0f815258468637d6f09943985a59638847442175e3910e878b1c0b32be27151fbbde981959f77824e94959cef174710f721bb79838e0

  • C:\Windows\SysWOW64\xpwunp.dat

    Filesize

    740B

    MD5

    e1faf661a667938a95986dd4eea328fe

    SHA1

    1dc20598ba0705de970f54fe17bf8bc3ebd960f1

    SHA256

    ec28dd005ecd1c48bd60c8c58226705f59c879bca9c37de6080e113922750c73

    SHA512

    37692a7d77723b3f14919201a9b95c734350083939af5d47070fd3e3c188b5c7673d2b2a85ebc89e28f312d0f8bcb30136cdf61ad3a9456b5d448d8759ab9b16