Overview

Per-task scores shown on the overview (tria.ge scale, 1 to 10):

  Task                       Platform              Score
  Static                     -                     7
  SESM200425...76.exe        windows7-x64          3
  SESM200425...76.exe        windows10-2004-x64    7
  $PLUGINSDI...ge.dll        windows7-x64          7
  $PLUGINSDI...ge.dll        windows10-2004-x64    3
  $PLUGINSDI...em.dll        windows7-x64          3
  $PLUGINSDI...em.dll        windows10-2004-x64    3
  $PLUGINSDI...fo.dll        windows7-x64          3
  $PLUGINSDI...fo.dll        windows10-2004-x64    3
  $PLUGINSDI...gs.dll        windows7-x64          3
  $PLUGINSDI...gs.dll        windows10-2004-x64    3

Analysis (score 3)
Max time kernel: 122s
Max time network: 123s
Platform: windows7_x64
Resource: win7-20240705-en
Resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
Submitted: 21/08/2024, 10:08
Tasks

  Task          Type        Sample                       Resource
  static1       Static      -                            -
  behavioral1   Behavioral  SESM20042580 UKWT5376.exe    win7-20240705-en
  behavioral2   Behavioral  SESM20042580 UKWT5376.exe    win10v2004-20240802-en
  behavioral3   Behavioral  $PLUGINSDIR/BgImage.dll      win7-20240729-en
  behavioral4   Behavioral  $PLUGINSDIR/BgImage.dll      win10v2004-20240802-en
  behavioral5   Behavioral  $PLUGINSDIR/System.dll       win7-20240705-en
  behavioral6   Behavioral  $PLUGINSDIR/System.dll       win10v2004-20240802-en
  behavioral7   Behavioral  $PLUGINSDIR/UserInfo.dll     win7-20240705-en
  behavioral8   Behavioral  $PLUGINSDIR/UserInfo.dll     win10v2004-20240802-en
  behavioral9   Behavioral  $PLUGINSDIR/nsDialogs.dll    win7-20240705-en
  behavioral10  Behavioral  $PLUGINSDIR/nsDialogs.dll    win10v2004-20240802-en
General

Target: SESM20042580 UKWT5376.exe
Size: 1.5MB
MD5: a2337a4e339c515e1a876b6299ff3e25
SHA1: 8f813df1a74cf1701e1c94e7ee8c1a3300622dcf
SHA256: a6a009c10125451a3c7eb2a8318fb6a9ea469f1d88ba8d4156f90f4d250fa06c
SHA512: a5307bb69d3587026a255bf999db62ef41160909e7d69d026a30ad7f071bd9f0877ce7d336b100e3e151292bbbf6807d2e7bb21b56e0541d4a4efd0958d8c84a
SSDEEP: 49152:qMwVgK80g/UzkthRz33OO/xPO+EuseS7w:f+VTg/UmhleSxLsN7
Malware Config: none listed.

Signatures

- Loads dropped DLL (64 IoCs)
  pid 3040, Process SESM20042580 UKWT5376.exe: all 64 entries are this one process.
  Caveat: the $PLUGINSDIR/*.dll files run as separate tasks above (BgImage.dll, System.dll, UserInfo.dll, nsDialogs.dll) are the stock NSIS plugin set, which an NSIS installer unpacks into a temporary $PLUGINSDIR and loads at runtime. This signature therefore fires on benign NSIS installers as well and is weak evidence on its own.

- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).

- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
  IoC: key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language by SESM20042580 UKWT5376.exe.
  Caveat: this key is also read by ordinary localisation code, so the match is a weak indicator on its own.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads (dropped files)

- Filesize: 7KB
  MD5: e2834a37c23a5c487b6e3a55eb95dd8a
  SHA1: 2ebc683fe079a8b0081283fd4adfff82f52dfa4d
  SHA256: 73abbc57661987e7a0aa7e43f6d7dcff63a74615d3b731d94891b05e0e19adcb
  SHA512: c78edd37a46db20f56bffcc63358bde32b61552bc2e1e0960a41d36a84795e6d7fa4bb523ca1f1995ea62c60c8060cbadd5764d3a133de4ccac7501e68075e68

- Filesize: 4KB
  MD5: 98ff85b635d9114a9f6a0cd7b9b649d0
  SHA1: 7a51b13aa86a445a2161fa1a567cdaecaa5c97c4
  SHA256: 933f93a30ce44df96cbc4ac0b56a8b02ee01da27e4ea665d1d846357a8fca8de
  SHA512: 562342532c437236d56054278d27195e5f8c7e59911fc006964149fc0420b1f9963d72a71ebf1cd3dfee42d991a4049a382f7e669863504c16f0fe7097a07a0a

- Filesize: 9KB
  MD5: 48f3e7860e1de2b4e63ec744a5e9582a
  SHA1: 420c64d802a637c75a53efc8f748e1aede3d6dc6
  SHA256: 6bf9cccd8a600f4d442efe201e8c07b49605ba35f49a4b3ab22fa2641748e156
  SHA512: 28716ddea580eeb23d93d1ff6ea0cf79a725e13c8f8a17ec9dfacb1fe29c7981ad84c03aed05663adc52365d63d19ec2f366762d1c685e3a9d93037570c3c583
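The hash blocks in the General and Downloads sections are what a responder actually carries away from this report, and as extracted they arrive with the label fused to the value (MD5e2834a..., SHA12ebc...). The Python below is an added example, not part of the report and not tria.ge's own tooling: it parses those records into validated IOCs (splitting fused labels longest-first and rejecting any digest whose length or alphabet is wrong, which catches truncation from the extraction), emits a blocklist line per file, and checks a locally retrieved artifact against the listed hashes before it is trusted. The REPORT_DOWNLOADS text is copied from the Downloads section above; HashRecord, split_hash_line, parse_records, digests_of, matches_record and ioc_lines are names chosen for this example.

```python
import hashlib
import re
from dataclasses import dataclass, field

# Hex-digest length per algorithm: splits a fused "LABELdigest" line and rejects
# truncated or mangled hashes.
DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
_HEX = re.compile(r"^[0-9a-f]+$")
LABEL_KEYS = ("Filesize", "Target")   # lines whose value names the record

@dataclass
class HashRecord:
    label: str = ""                              # e.g. "7KB" or a file name
    hashes: dict = field(default_factory=dict)   # algorithm -> lowercase hex

def split_hash_line(line):
    """(algorithm, digest) for 'SHA12ebc...' or 'SHA1: 2ebc...', else None.
    Labels are tried longest-first so 'SHA512...'/'SHA256...' are not read as
    'SHA1' + a digest starting with '2'; the rest must be hex of exact length."""
    for algo in sorted(DIGEST_LEN, key=len, reverse=True):
        if line.startswith(algo):
            digest = line[len(algo):].strip(" :\t").lower()
            if len(digest) == DIGEST_LEN[algo] and _HEX.match(digest):
                return algo, digest
    return None

def parse_records(text):
    """Parse '-'-separated records; a label and its value may share a line or not."""
    lines = [l.strip() for l in text.splitlines()]
    records, current, i = [], None, 0
    while i < len(lines):
        line, nxt = lines[i], lines[i + 1] if i + 1 < len(lines) else ""
        if line == "-":                       # record separator on the page
            current = HashRecord()
            records.append(current)
        elif current is not None and any(line.startswith(k) for k in LABEL_KEYS):
            key = next(k for k in LABEL_KEYS if line.startswith(k))
            rest = line[len(key):].strip(" :")
            if not rest:                      # value is on the following line
                rest, i = nxt, i + 1
            current.label = rest
        elif current is not None:
            joined = line in DIGEST_LEN       # bare label, digest on next line
            parsed = split_hash_line(line + nxt if joined else line)
            if parsed:
                current.hashes[parsed[0]] = parsed[1]
                if joined:
                    i += 1
        i += 1
    return [r for r in records if r.hashes]   # drop empty separators

def digests_of(data):
    """All four digests of a byte string, keyed like DIGEST_LEN."""
    return {a: hashlib.new(a.lower(), data).hexdigest() for a in DIGEST_LEN}

def matches_record(data, record):
    """True if every hash the record lists matches the bytes, i.e. a file
    retrieved from the sandbox really is the one the report describes."""
    actual = digests_of(data)
    return bool(record.hashes) and all(actual[a] == d for a, d in record.hashes.items())

def ioc_lines(records, preferred=("SHA256", "SHA1", "MD5")):
    """One 'algo=digest' line per record, using the strongest hash present."""
    out = []
    for r in records:
        algo = next((a for a in preferred if a in r.hashes), None)
        if algo:
            out.append(f"{algo.lower()}={r.hashes[algo]}  # {r.label}")
    return out

# Copied from the Downloads section of this report, as extracted.
REPORT_DOWNLOADS = """
-
Filesize
7KB
MD5e2834a37c23a5c487b6e3a55eb95dd8a
SHA12ebc683fe079a8b0081283fd4adfff82f52dfa4d
SHA25673abbc57661987e7a0aa7e43f6d7dcff63a74615d3b731d94891b05e0e19adcb
SHA512c78edd37a46db20f56bffcc63358bde32b61552bc2e1e0960a41d36a84795e6d7fa4bb523ca1f1995ea62c60c8060cbadd5764d3a133de4ccac7501e68075e68
-
Filesize
4KB
MD598ff85b635d9114a9f6a0cd7b9b649d0
SHA17a51b13aa86a445a2161fa1a567cdaecaa5c97c4
SHA256933f93a30ce44df96cbc4ac0b56a8b02ee01da27e4ea665d1d846357a8fca8de
SHA512562342532c437236d56054278d27195e5f8c7e59911fc006964149fc0420b1f9963d72a71ebf1cd3dfee42d991a4049a382f7e669863504c16f0fe7097a07a0a
-
Filesize
9KB
MD548f3e7860e1de2b4e63ec744a5e9582a
SHA1420c64d802a637c75a53efc8f748e1aede3d6dc6
SHA2566bf9cccd8a600f4d442efe201e8c07b49605ba35f49a4b3ab22fa2641748e156
SHA51228716ddea580eeb23d93d1ff6ea0cf79a725e13c8f8a17ec9dfacb1fe29c7981ad84c03aed05663adc52365d63d19ec2f366762d1c685e3a9d93037570c3c583
"""

if __name__ == "__main__":
    print("\n".join(ioc_lines(parse_records(REPORT_DOWNLOADS))))
```

The length check is the part worth keeping: a report copied through a page extractor can lose characters, and a 63-character "SHA256" silently becomes a blocklist entry that never matches anything. The same parser accepts the General section (label and digest on separate lines), so the sample's own hashes can be fed through it unchanged.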