Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    17/08/2024, 05:02

General

  • Target

    c7a37f5f3a469e770ea2221219260b2b51f2135dcefd1a6c61f990c40f436b13.exe

  • Size

    220KB

  • MD5

    21d0f7ebe343a7b5f19718bbfb4710e9

  • SHA1

    d2a6e322222951b588eb77155b5a10b315cf1ca8

  • SHA256

    c7a37f5f3a469e770ea2221219260b2b51f2135dcefd1a6c61f990c40f436b13

  • SHA512

    281c75cb37ee372b74eed8970479dd4f8cd931b3fd3feb5a4f5656ea637d2d0233f1604edb39e7863061afaf8e21dea32e56291988c5291715be0630c86aae4e

  • SSDEEP

    6144:wtnHrrVzr4D/0SZHXEpX/rA/tFhvsMLcXVC:Ch/4DVZ3EdQFhkMMVC

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c7a37f5f3a469e770ea2221219260b2b51f2135dcefd1a6c61f990c40f436b13.exe
    "C:\Users\Admin\AppData\Local\Temp\c7a37f5f3a469e770ea2221219260b2b51f2135dcefd1a6c61f990c40f436b13.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2584
    • C:\Users\Admin\AppData\Local\Temp\c7a37f5f3a469e770ea2221219260b2b51f2135dcefd1a6c61f990c40f436b13.exe
      C:\Users\Admin\AppData\Local\Temp\c7a37f5f3a469e770ea2221219260b2b51f2135dcefd1a6c61f990c40f436b13.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2984

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\c7a37f5f3a469e770ea2221219260b2b51f2135dcefd1a6c61f990c40f436b13.exe

    Filesize

    220KB

    MD5

    e2e703b4c2ba41e3061cf6d2dcac80dd

    SHA1

    9cd6ee997985e35b26b94c3c3242b4d8023b316b

    SHA256

    4ec55b5ff52d49d1cec5ac2de7de420c7a2a5101b4b45c4385c1d7b8036b0e9a

    SHA512

    9b6bdbb822e8e4eae39e48e404144cb3fb1e6ba4450c5d848e70fa88ded2a6a877a4f39ce2b8cabf469fb7b200b84d22ae97f0ea517980899e2f2c0d9ae5b9d3

  • memory/2584-0-0x0000000000400000-0x0000000000437000-memory.dmp

    Filesize

    220KB

  • memory/2584-9-0x0000000000400000-0x0000000000437000-memory.dmp

    Filesize

    220KB

  • memory/2984-11-0x0000000000400000-0x0000000000437000-memory.dmp

    Filesize

    220KB

  • memory/2984-12-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

  • memory/2984-17-0x00000000002D0000-0x0000000000307000-memory.dmp

    Filesize

    220KB

  • memory/2984-18-0x0000000000400000-0x0000000000437000-memory.dmp

    Filesize

    220KB