Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    17/08/2024, 23:57

General

  • Target

    485a5704457f819f8a36cc807dc1fc80N.exe

  • Size

    500KB

  • MD5

    485a5704457f819f8a36cc807dc1fc80

  • SHA1

    1e4ae8866099267b7f7b5d934c967a6ae7c32d7b

  • SHA256

    b9125eaba6c0ba4f7404e34c8f446396567734a70ae80ce96365220c0e8cb333

  • SHA512

    9e7c1fabadc0430e129ad937faa386554597f1edac35111840903c0c139e82ca2f4fdd57b5fed6f0dfa0ecf0b8bd71ab5d115b951b2dd083230df6ad0ae1646f

  • SSDEEP

    12288:8WBm+95nHfF2mgewFx5q+UK5BMl1pfxpFP1kfgjdkA:8WBz95ndbgfx5q+UKYppFggjT

Score
7/10

Malware Config

Signatures

  • Deletes itself (1 IoC)
  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (1 IoC)
  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Network Configuration Discovery: Internet Connection Discovery (1 TTP, 1 IoC)

    Adversaries may check for Internet connectivity on compromised systems.

  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\485a5704457f819f8a36cc807dc1fc80N.exe
    "C:\Users\Admin\AppData\Local\Temp\485a5704457f819f8a36cc807dc1fc80N.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:588
    • C:\Users\Admin\AppData\Local\Temp\7B48.tmp
      "C:\Users\Admin\AppData\Local\Temp\7B48.tmp" --pingC:\Users\Admin\AppData\Local\Temp\485a5704457f819f8a36cc807dc1fc80N.exe C8CA12F8D34A6BD30F74AE593863069CDBFE75068B6D73A654BF75A59A1EECC767C60415BD4D34E1FBA8B2CD108332FF4213691AB4960C76B1A5C5B67A11E968
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      PID:2308
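The process tree above shows a common self-replacement sequence: the submitted sample (PID 588) writes 7B48.tmp into %TEMP%, launches it with the sample's own path embedded in a --ping argument, and the child (PID 2308) is the process on which "Deletes itself" fires. The report also shows both binaries at 500KB with identical 0x400000-0x486000 image ranges but different hashes. The Python below is an added detection helper, not part of the tria.ge report or any tria.ge export format: it reconstructs that three-step pattern from process-creation and file events. The PIDs, paths and --ping command line are copied from the report; the parent PID 400 for the sample, the event shape and the file-event attribution are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full path of the executed image
    cmdline: str


@dataclass(frozen=True)
class FileEvent:
    pid: int        # process performing the operation
    op: str         # "create" or "delete"
    path: str


TEMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE = TEMP + r"\485a5704457f819f8a36cc807dc1fc80N.exe"
DROPPED = TEMP + r"\7B48.tmp"
PING_BLOB = ("C8CA12F8D34A6BD30F74AE593863069CDBFE75068B6D73A654BF75A59A1EECC7"
             "67C60415BD4D34E1FBA8B2CD108332FF4213691AB4960C76B1A5C5B67A11E968")

# Constructed events mirroring the report's process tree. PIDs, image paths and
# the --ping command line are from the report; PPID 400, the event layout and
# which process performed each file operation are assumptions for this example.
PROC_EVENTS = [
    ProcEvent(588, 400, SAMPLE, f'"{SAMPLE}"'),
    ProcEvent(2308, 588, DROPPED, f'"{DROPPED}" --ping{SAMPLE} {PING_BLOB}'),
]
FILE_EVENTS = [
    FileEvent(588, "create", DROPPED),   # parent writes the .tmp it then executes
    FileEvent(2308, "delete", SAMPLE),   # child removes the original sample
]

EXEC_EXTS = {".exe", ".com", ".scr", ".dll"}


def find_self_replacement(procs, files):
    """Flag child processes that (1) run an image their parent wrote under
    %TEMP%, (2) receive the parent's own path on the command line, and
    (3) delete the parent binary. Returns (parent_pid, child_pid, child_image)."""
    by_pid = {p.pid: p for p in procs}
    created = {(f.pid, f.path.lower()) for f in files if f.op == "create"}
    deleted = {(f.pid, f.path.lower()) for f in files if f.op == "delete"}
    findings = []
    for child in procs:
        parent = by_pid.get(child.ppid)
        if parent is None:
            continue
        child_img = child.image.lower()
        parent_img = parent.image.lower()
        dropped_by_parent = (parent.pid, child_img) in created
        in_temp = child_img.startswith(TEMP.lower() + "\\")
        has_parent_path = parent_img in child.cmdline.lower()
        deleted_parent = (child.pid, parent_img) in deleted
        if dropped_by_parent and in_temp and has_parent_path and deleted_parent:
            findings.append((parent.pid, child.pid, child.image))
    return findings


def odd_extension(image):
    """True when an executed image lacks a conventional PE extension
    (7B48.tmp here); a weaker indicator worth surfacing on its own."""
    dot = image.rfind(".")
    return dot == -1 or image[dot:].lower() not in EXEC_EXTS


if __name__ == "__main__":
    for parent_pid, child_pid, img in find_self_replacement(PROC_EVENTS, FILE_EVENTS):
        print(f"self-replacement: pid {parent_pid} -> pid {child_pid} via {img}"
              f" (non-PE extension: {odd_extension(img)})")
```

All three conditions are required before a finding is raised; a parent that merely drops and runs a .tmp (a legitimate installer stub, for instance) is not flagged until the child also removes the parent. The delete must be attributed to the child, which is how the report itself assigns "Deletes itself".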

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\7B48.tmp

    Filesize

    500KB

    MD5

    a078c2e911639858a5c06b056b56f699

    SHA1

    cc0d28d810d70810372831cc13597e268ae09c5d

    SHA256

    cbefc985f26e0e4f5d1ba5d5a918bd0430d37edd781b4ee1c8c9279c942d5d97

    SHA512

    204e6c09969ad1a36ede4576259da89edec015214395ec1dca8beef67d615388528fefffad65c2efa210daf4b31c02086266e592079b61d941a90aa25e14f74f

  • memory/588-0-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

  • memory/588-8-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

  • memory/588-6-0x00000000004D0000-0x0000000000556000-memory.dmp

    Filesize

    536KB

  • memory/2308-9-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

  • memory/2308-10-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB