Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

adbbbf091a...71.exe

windows7-x64

10

adbbbf091a...71.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    18/08/2024, 03:21 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    adbbbf091ac3a6217491a5d9c27ed8102d0d1863430cf5cc65739c82989dbc71.exe

  • Size

    512KB

  • MD5

    cf22a3e5b2f2dd682f11d8409a394eef

  • SHA1

    301ce368805add8882318075725f5b0780981070

  • SHA256

    adbbbf091ac3a6217491a5d9c27ed8102d0d1863430cf5cc65739c82989dbc71

  • SHA512

    6192783dc64570ad7ce4ce1277f9f74d0d18693c29b43334f1d8d5b8c6d7f9a775f1964237c3953c1ce08ed118ab246f73e654c01d5321eb268cf66ffb5105ab

  • SSDEEP

    6144:fqS1+B0UZP8VU5tTO/ENURQPTlyl48pArv8kEVS1aHr:RAJUG5t1sI5yl48pArv8o4L

Score
10/10
discoverypersistence

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 8 IoCs
    persistence
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 12 IoCs
  • Drops file in System32 directory 12 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 15 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\adbbbf091ac3a6217491a5d9c27ed8102d0d1863430cf5cc65739c82989dbc71.exe
    "C:\Users\Admin\AppData\Local\Temp\adbbbf091ac3a6217491a5d9c27ed8102d0d1863430cf5cc65739c82989dbc71.exe"
    1⤵
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Loads dropped DLL
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2412
    • C:\Windows\SysWOW64\Lpnopm32.exe
      C:\Windows\system32\Lpnopm32.exe
      2⤵
      • Adds autorun key to be loaded by Explorer.exe on startup
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2736
      • C:\Windows\SysWOW64\Lcmklh32.exe
        C:\Windows\system32\Lcmklh32.exe
        3⤵
        • Adds autorun key to be loaded by Explorer.exe on startup
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:3012
        • C:\Windows\SysWOW64\Lekghdad.exe
          C:\Windows\system32\Lekghdad.exe
          4⤵
          • Adds autorun key to be loaded by Explorer.exe on startup
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in System32 directory
          • System Location Discovery: System Language Discovery
          • Modifies registry class
          • Suspicious use of WriteProcessMemory
          PID:2820
          • C:\Windows\SysWOW64\Lepaccmo.exe
            C:\Windows\system32\Lepaccmo.exe
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:2628
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 140
              6⤵
              • Loads dropped DLL
              • Program crash
              PID:2640

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\Lcmklh32.exe
    Filesize

    512KB

    MD5

    bc0d7460ddb553049ee405ddf62b4a33

    SHA1

    90e477bd72092f4639ad1ac7b7ff5fe7ae8e83da

    SHA256

    99eed6fb2f80a82ad880f4da255df0bbf7ded52680a1a4e6e7d1106c2c90c769

    SHA512

    806c07173acc411725f1b97401bc4e541270ee7502b31fa9946efba1560ebd358bf6c5e1d869e49e60141eccc34e713969c2c0e0d4786043fe4d83d25461b4ad

    Download Submit

  • C:\Windows\SysWOW64\Lekghdad.exe
    Filesize

    512KB

    MD5

    8bacdf5884f03d8fea4ec1b2b75286ba

    SHA1

    833dff68b3f0e989baedbc9a724793129fb2f14a

    SHA256

    375faa07c48837551f8a0cadf5d4da5d807da8aa2fff3ea94859e2cc4b5bf24f

    SHA512

    422d6bbf887c29255feaadf7faaca85aa2746b2e765307f35111476bcf7ed55bd9bcaba91160aa2e1fd3eb25d817de21f6e82ab52e9e67d1b471033b4fe30c8a

    Download Submit

  • C:\Windows\SysWOW64\Lpnopm32.exe
    Filesize

    512KB

    MD5

    4801bde7fc2a8ada045751675492ddb4

    SHA1

    ca2a84f8c8bca5b6d860489b32c581ddce5e0743

    SHA256

    4737896be65e348f2ff26b3993ad666083ac9b586d9102a73c7a4a783c63ae32

    SHA512

    61cafa9306f6953177302600aec53cfeb94143d2ad182e3e35623b9bb3dd9d6426b2c2a7ad219d5089c903e3afbd660f51ece7606376a3a346e58355b2d059d7

    Download Submit

  • \Windows\SysWOW64\Lepaccmo.exe
    Filesize

    512KB

    MD5

    87f729dabb236bb39d59797bcceca502

    SHA1

    a2552c58ef6109cfa424ca62a4c247910f6f17e1

    SHA256

    942760ca50e8333f5f4c0215bb26c9f238ffa595f562037f4246c8b341e0edd6

    SHA512

    336503a416c80e46c71c314ad7cc5a95081f1ece4dfb0abec0760ee880c5716d69a317c240a2ec68e9fc30f56ad8d6328c80bc773a488f345a96c10aaecc3401

    Download Submit

  • memory/2412-17-0x0000000000290000-0x00000000002BF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2412-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2412-62-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2412-18-0x0000000000290000-0x00000000002BF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2628-57-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2628-66-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2736-27-0x00000000001E0000-0x000000000020F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2736-19-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2820-43-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2820-51-0x00000000002D0000-0x00000000002FF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2820-65-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3012-29-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3012-42-0x0000000000300000-0x000000000032F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3012-41-0x0000000000300000-0x000000000032F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3012-64-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.