Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/08/2024, 12:10

General

  • Target

    rmaildxp_v1914_eng_full.exe

  • Size

    11.6MB

  • MD5

    f35abfbb5b669ec5c81cb081271d0902

  • SHA1

    92ba34d14835dbbe7a6e9a21e231f0ee0c6a323a

  • SHA256

    07f7044c0e0cbd5ba2ce6eaad44e57022068c10dabcec402164fb04041e452f9

  • SHA512

    1b251105fb5f5590d44ffd02b787b0529a06575a2d7de666330ac2d56ad855c64415caaeae09906bd088e8301ab6317d6e3449d3018c34a4929511aad45ac282

  • SSDEEP

    196608:p1k8hzr6kvCB0nyivptNiHTUvP82reUe0kbC83rMAefIVvSnZN:pjhzr6kJyivptNizUHrX38UN

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\rmaildxp_v1914_eng_full.exe
    "C:\Users\Admin\AppData\Local\Temp\rmaildxp_v1914_eng_full.exe"
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2344

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsd8B30.tmp\ioSpecial.ini

    Filesize

    707B

    MD5

    372b48b574dcfa916d3f0a233a548842

    SHA1

    dead37187ce5b11931f71ca3a1950403affde032

    SHA256

    a3717942e843af2a6e09ed89da2167475931b974f010e0bc3fdb9f240ce35a76

    SHA512

    2a650aecbc70762227238520aefd0a7b53fd21d30c373172ba1840397222d10e9bc6ac57e0e34831b7fe91327e0c558c75c496c53330395973439107751cfe5a

  • \Users\Admin\AppData\Local\Temp\nsd8B30.tmp\InstallOptions.dll

    Filesize

    13KB

    MD5

    550a3317798d599add2698ec87180919

    SHA1

    4c311c88b428972e70645476e59269641365c1bc

    SHA256

    1bee687f883a12d2b475071c244bc0dbc70336e818b28ae65a526332dabf2d1e

    SHA512

    329283aa3397d171efec6fbe1cf15a3b64dbedd66679fa44184d45225b7d3e7845eb85d4340a6b703005e2b7be61a9db2dad160fe130822d4a5d66ef31d63808

  • \Users\Admin\AppData\Local\Temp\nsd8B30.tmp\LangDLL.dll

    Filesize

    5KB

    MD5

    2c3c8976d729d28478a789217a882291

    SHA1

    10c18b23fac957419547ef0f8ec3bc1b10e91e79

    SHA256

    799f91bdd59f2133bf195c5b4ca685ee91666d981a6bcd8a6c45b7c8ecc96eef

    SHA512

    749c650974f94cc5009124d3fa3d9bb1ee5824a3fa0a76b81733e08379678a2a1b7c54b77d1709fb6de24c81c68c03c0ec3e9ec5ccad0d30d9237300794f1213