Analysis

  • max time kernel
    140s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/08/2024, 05:45

General

  • Target

    36463ea25860b7c50771445e54c48b4e94c9366c7a91ef710042996c1fe00fd0.exe

  • Size

    40.5MB

  • MD5

    b11045a163252bbe1c4835fe9240ff92

  • SHA1

    aea10a96cf0db5852f018a112e447ed81ca39bda

  • SHA256

    36463ea25860b7c50771445e54c48b4e94c9366c7a91ef710042996c1fe00fd0

  • SHA512

    76a276753229d3148de7bda30cdd29662345b36e1eeb49b9c5a536f9b4bad634f2a0475fe75068a2f87d9d3833830a924312e55720b15df308e53190621b019a

  • SSDEEP

    786432:NPskQRHCPbmMRLzsQvprqH13IbK89Xu/HTorHZvoV3QIilk2Q5V+b:NVQRHCTmIzpvl8138jNqHsDZgO5nQ5Yb

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery (ATT&CK T1614.001) 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\36463ea25860b7c50771445e54c48b4e94c9366c7a91ef710042996c1fe00fd0.exe
    "C:\Users\Admin\AppData\Local\Temp\36463ea25860b7c50771445e54c48b4e94c9366c7a91ef710042996c1fe00fd0.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2320
    • C:\Users\Admin\AppData\Local\Temp\is-FS7B2.tmp\36463ea25860b7c50771445e54c48b4e94c9366c7a91ef710042996c1fe00fd0.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-FS7B2.tmp\36463ea25860b7c50771445e54c48b4e94c9366c7a91ef710042996c1fe00fd0.tmp" /SL5="$4010C,41319847,735744,C:\Users\Admin\AppData\Local\Temp\36463ea25860b7c50771445e54c48b4e94c9366c7a91ef710042996c1fe00fd0.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2560
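The process tree above is the standard Inno Setup bootstrap: the parent (PID 2320) unpacks the real installer to %TEMP%\is-XXXXX.tmp\<name>.tmp and re-launches it with an /SL5="$<hwnd>,<n>,<n>,<original exe path>" argument, which is what produces the "Executes dropped EXE" and "Loads dropped DLL" signatures listed under Signatures. The script below is an added example, not tria.ge's own signature code: it replays a few constructed sandbox events modelled on PIDs 2320 and 2560, reproduces those two signatures, and parses the /SL5 hand-off. The event schema, the DLL name (the report names no DLL) and the "Inno Setup loader hand-off" label are assumptions; the meaning of the two numeric /SL5 fields is not asserted.

```python
"""Added example (not tria.ge's code): replay constructed sandbox events
modelled on the process tree above and reproduce the "Executes dropped
EXE" / "Loads dropped DLL" findings plus the Inno Setup /SL5 hand-off.
Event schema, DLL name and the hand-off label are assumptions."""
import re
from dataclasses import dataclass

# Inno Setup's bootstrap exe unpacks the real installer to
# %TEMP%\is-XXXXX.tmp\<name>.tmp and runs it as
# /SL5="$<hwnd>,<n>,<n>,<path of the original exe>".
# The meaning of the two numeric fields is not asserted here.
SL5_RE = re.compile(
    r'/SL5="\$(?P<hwnd>[0-9A-Fa-f]+),(?P<n1>\d+),(?P<n2>\d+),(?P<parent>[^"]+)"')
IS_TMP_RE = re.compile(r'\\is-[A-Za-z0-9]+\.tmp\\[^\\]+\.tmp$', re.IGNORECASE)


@dataclass
class Event:
    kind: str           # "file_write", "process_create" or "image_load"
    pid: int            # acting process
    path: str           # file written, image loaded, or child executable
    cmdline: str = ""   # child command line (process_create only)
    child_pid: int = 0  # new process id (process_create only)


def parse_sl5(cmdline):
    """Return the fields of an Inno Setup /SL5 argument, or None."""
    m = SL5_RE.search(cmdline)
    if not m:
        return None
    return {"hwnd": int(m["hwnd"], 16), "n1": int(m["n1"]),
            "n2": int(m["n2"]), "parent": m["parent"]}


def analyze(events):
    """Walk events in order; return {signature name: [IoC, ...]}."""
    dropped = {}   # lower-cased path -> pid that wrote it
    sigs = {}

    def hit(name, ioc):
        sigs.setdefault(name, []).append(ioc)

    for ev in events:
        key = ev.path.lower()
        if ev.kind == "file_write":
            dropped[key] = ev.pid
        elif ev.kind == "process_create":
            # A file written during the run is now being executed.
            if key in dropped:
                hit("Executes dropped EXE",
                    f"PID {ev.child_pid}: {ev.path} (written by PID {dropped[key]})")
            sl5 = parse_sl5(ev.cmdline)
            if sl5 and IS_TMP_RE.search(ev.path):
                hit("Inno Setup loader hand-off",
                    f"PID {ev.child_pid} re-launched from {sl5['parent']} "
                    f"(hwnd 0x{sl5['hwnd']:X})")
        elif ev.kind == "image_load":
            if key in dropped and key.endswith(".dll"):
                hit("Loads dropped DLL", f"PID {ev.pid} loaded {ev.path}")
    return sigs


# Constructed events mirroring PIDs 2320 -> 2560 in the report.
TMP_DIR = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE = "36463ea25860b7c50771445e54c48b4e94c9366c7a91ef710042996c1fe00fd0"
TMP_EXE = f"{TMP_DIR}\\is-FS7B2.tmp\\{SAMPLE}.tmp"
TMP_DLL = f"{TMP_DIR}\\is-FS7B2.tmp\\helper.dll"   # assumed name
CMDLINE = f'"{TMP_EXE}" /SL5="$4010C,41319847,735744,{TMP_DIR}\\{SAMPLE}.exe"'

SAMPLE_EVENTS = [
    Event("file_write", 2320, TMP_EXE),
    Event("file_write", 2320, TMP_DLL),
    Event("image_load", 2320, TMP_DLL),
    Event("process_create", 2320, TMP_EXE, cmdline=CMDLINE, child_pid=2560),
]

if __name__ == "__main__":
    for name, iocs in analyze(SAMPLE_EVENTS).items():
        print(f"{name} ({len(iocs)} IoCs)")
        for ioc in iocs:
            print("   ", ioc)
```

Read the output in that light: the is-XXXXX.tmp\*.tmp plus /SL5= pattern identifies the packaging (any Inno Setup installer, benign or not), so the dropped-EXE and dropped-DLL signatures it triggers say nothing about intent by themselves; the child process (PID 2560) is where the installer's own behaviour, such as the language-discovery and GetForegroundWindow calls recorded above, actually runs.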

Network

MITRE ATT&CK Enterprise v15


Downloads

  • \Users\Admin\AppData\Local\Temp\is-FS7B2.tmp\36463ea25860b7c50771445e54c48b4e94c9366c7a91ef710042996c1fe00fd0.tmp

    Filesize

    2.9MB

    MD5

    17b1725998f6060263e7ca59a2ed7c47

    SHA1

    4b92d49645c7b1a4d31f6d9e00e9fe84c903b19c

    SHA256

    0de15ad626f334b84b94a537a6b2a7fe45e4b6dc3ad0d31fcf607cd85f2774fa

    SHA512

    e5a9758fc55325187497a62b6b3b72768462b3caa3591c90029ebfbabb47e40097bb25be064e031ea8e54b8fe287b669c67f0910cde55c298fd3e62bca17e19b

  • memory/2320-2-0x0000000000401000-0x00000000004A9000-memory.dmp

    Filesize

    672KB

  • memory/2320-0-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

  • memory/2320-10-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

  • memory/2560-8-0x0000000000400000-0x00000000006F5000-memory.dmp

    Filesize

    3.0MB

  • memory/2560-11-0x0000000000400000-0x00000000006F5000-memory.dmp

    Filesize

    3.0MB