Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

38 34 35.rar

windows7-x64

3

38 34 35/ERROR845.exe

windows7-x64

7

38 34 35/M...ft.jar

windows7-x64

1

38 34 35/n...32.dll

windows7-x64

7

out.dll

windows7-x64

3

38 34 35/n...64.dll

windows7-x64

1

38 34 35/n...x8.dll

windows7-x64

3

38 34 35/n...64.dll

windows7-x64

1

38 34 35/n...aw.dll

windows7-x64

3

38 34 35/n...64.dll

windows7-x64

1

38 34 35/n...gl.dll

windows7-x64

7

out.dll

windows7-x64

3

38 34 35/n...64.dll

windows7-x64

1

38 34 35/s/p.ogg

windows7-x64

1

38 34 35/s/t.ogg

windows7-x64

1

38 34 35/s/u.ogg

windows7-x64

1

38 34 35/s/v.ogg

windows7-x64

1

winrar-x64-701.exe

windows7-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    20/08/2024, 16:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    38 34 35/ERROR845.exe

  • Size

    50KB

  • MD5

    4164ae13f1d6028e3545e1775b286597

  • SHA1

    96fbbb6cdc60ced0a41792a8b56e4827e965a7aa

  • SHA256

    21a9016c03fa078a14741f76d8488ceb2193d95801947381406e28f1818880be

  • SHA512

    29a801dd56e2ba312cb122b213cf6718cee3c6beb68b5b7e9c7bed71d9a2cc406bd4e4072acb7b08dbdc0e7c63b1826af1fe576521766f7d01c489bc11cadb6a

  • SSDEEP

    1536:npfEKNCj6VoJl9Go5K7s4Nu3Nnouy8Ps6O:nVZ/VGS7rN+1outU

Score
7/10
discoveryupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\38 34 35\ERROR845.exe
    "C:\Users\Admin\AppData\Local\Temp\38 34 35\ERROR845.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2988
    • C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\C63C.tmp\C63D.tmp\C63E.bat "C:\Users\Admin\AppData\Local\Temp\38 34 35\ERROR845.exe""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2028
      • C:\Windows\system32\java.exe
        java -Xmx1024M -Xms1024M -cp Minecraft.jar "-Dorg.lwjgl.librarypath=C:\Users\Admin\AppData\Local\Temp\38 34 35/natives" "-Dnet.java.games.input.librarypath=C:\Users\Admin\AppData\Local\Temp\38 34 35/natives" net.minecraft.client.Minecraft
        3⤵
          PID:2400

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\C63C.tmp\C63D.tmp\C63E.bat
      Filesize

      180B

      MD5

      54035658871bce031a813de3fb8c3a2a

      SHA1

      864763dd87f24c54f3237f0b6c265c8c8d6215dd

      SHA256

      b4e1fcfb364c6a6581531f1f9935eb9717888c05a88f9f92768391c279e0dc18

      SHA512

      c9d18b5dcb35f44efe2fd3516d38d0a1a81cf8003f1009e82635fbb685ee25543ad64e968908c9f6ad67cdcf87b2a0f46be9c46fe0b61e0a8e51f13007f71a42

      Download Submit

    • memory/2400-5-0x00000000026C0000-0x0000000002930000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2400-14-0x0000000000150000-0x0000000000151000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2400-15-0x00000000026C0000-0x0000000002930000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2988-0-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/2988-16-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download