Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

d3b57c60c3...0N.exe

windows7-x64

7

d3b57c60c3...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    111s
  • max time network
    121s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/08/2024, 21:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d3b57c60c3df60583be7db4c64f63ea0N.exe

  • Size

    206KB

  • MD5

    d3b57c60c3df60583be7db4c64f63ea0

  • SHA1

    bea47defa14136208bae5d4d6d49a6628d0e8d3d

  • SHA256

    3db2bf8aadcc47dc9830396a07bc896634ab6028f222404438f8fcd2ff582103

  • SHA512

    6bf5518c0ac06d4108a99973604ec82edaf9b654cb62d23d57014dbf4ac5312f4a97e6e81d3a9e3753e48a84b1a2cf9cc2592d239eaf69102021badff4db3194

  • SSDEEP

    6144:WDbJX4alg8npg9tY72QraPF5ubz7T5l2wYNL9fw:EXPlNna3Q2QKQz7N3cL

Score
7/10
discoveryupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d3b57c60c3df60583be7db4c64f63ea0N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3b57c60c3df60583be7db4c64f63ea0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3960
    • C:\Program Files\Dutch\English.exe
      "C:\Program Files\Dutch\English.exe" "33201"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:2600

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Dutch\English.exe
    Filesize

    206KB

    MD5

    e0a6774783705e4f8df858cecbc23271

    SHA1

    7281ece1b3e9f698d8359803942340d3b049bce7

    SHA256

    47719646c78a09146edaf92344f0e63a7b3da176301c7c50299db5fca08fadac

    SHA512

    023e2d5d320242f4f19d8b7534861429621cfeac2b596dcc70ef2d87c0661543f85388cbf2174bd48e3a7dda1cfc10a6674265e296e408bb2a1a2cb1cb585d6c

    Download Submit

  • memory/2600-7-0x0000000000400000-0x0000000000578000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2600-8-0x0000000000400000-0x0000000000578000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3960-0-0x0000000000400000-0x0000000000578000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3960-6-0x0000000000400000-0x0000000000578000-memory.dmp

    Filesize

    1.5MB

    Download