Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

d18fc3efde...0N.exe

windows7-x64

7

d18fc3efde...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    19/08/2024, 00:59 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d18fc3efdeaa28cd76f27b805158df40N.exe

  • Size

    45KB

  • MD5

    d18fc3efdeaa28cd76f27b805158df40

  • SHA1

    81a408ae6afba4aed8c68e5c85f8f8a6d163418f

  • SHA256

    9b24ccc6f6d8b85e7069c18d7adbd885cbf587d1824b8924d7cec6505aa50d24

  • SHA512

    1b70649808eeda13b10a883e65bf0110549127039c23e98d7c561c04d51107d1cfdf3bb8f3b154380fc1c61649b4950789fe39ffcc777e1362cd657cada97953

  • SSDEEP

    768:DqPJtsA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EfKYfdhNhy:DqMA6C1VqaqhtgVRNToV7TtRu8rM0wYS

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d18fc3efdeaa28cd76f27b805158df40N.exe
    "C:\Users\Admin\AppData\Local\Temp\d18fc3efdeaa28cd76f27b805158df40N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1696
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2032

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    45KB

    MD5

    84cbb000ee2a6f5b50e8ce72a28944e9

    SHA1

    c60f15863c5304bdeba0bbecd39f64faa5da8e1a

    SHA256

    ed963bcd73828f63e0edf2722868ea5e24e9e8fb98fcceff3de908535d9aa30b

    SHA512

    3aff118e73c04f3aa41dc31cae674376c4656adaca14bb36287e57b50dccde17b4f6c5ea5c36dcb11d79c36b7efa432a2c01d185c01edd5da3f8bef7983dc3de

    Download Submit

  • memory/1696-0-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1696-3-0x0000000000220000-0x0000000000223000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2032-8-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2032-10-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.