Analysis

  • max time kernel
    102s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17/08/2024, 11:09

General

  • Target

    2d64b37beb5063a030c2e083b4d6baa0N.exe

  • Size

    892KB

  • MD5

    2d64b37beb5063a030c2e083b4d6baa0

  • SHA1

    bf0583bcecb115f20c5c6f800b46321734b8a781

  • SHA256

    270f8e7c30ebdbf8c1e642e4c7dd5eb0950efa2dca1dfa8290103f352f8df8b5

  • SHA512

    77a24cb1d905049ff129084a9ef7d9bd48fcace78c5dcca1b4e7e84cdc4ce707cf584c136273717b66480ebc513ed857c0a06bb7918697cc18aa0917c7558fd0

  • SSDEEP

    24576:v6Zv2ivhBVnFys7xP86LkRCwPYfuukvDtiflQM:vE2ivhQs7dLkRumsR

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 2 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Modifies system executable filetype association 2 TTPs 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in System32 directory 6 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d64b37beb5063a030c2e083b4d6baa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d64b37beb5063a030c2e083b4d6baa0N.exe"
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies system executable filetype association
    • Adds Run key to start application
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    PID:976
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 736
      • Program crash
      PID:4216
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 976 -ip 976
    PID:744

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\concp32.exe

    Filesize

    894KB

    MD5

    b38a21bf0e94e4545eaa7ed62c8885fb

    SHA1

    d9e63d42b9e33faa3c3686957f2c2be3ae8a0c14

    SHA256

    12243fb540a6812363de601a4fd5f839edf7b7f9cb1f1742aac02ba4a1fca4f6

    SHA512

    fea2b74a06a30e9e8ff963dc337eec616f3442d48886d535270d85756c30700ce9af94bbbedf2dd810fcb7ced07daee6075087685ae4e6ed64619b579652f157

  • memory/976-0-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

  • memory/976-7-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB