Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

0656bbbe23...0N.exe

windows7-x64

10

0656bbbe23...0N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    30s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    22/08/2024, 04:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0656bbbe239bdf652205c63667a32f30N.exe

  • Size

    93KB

  • MD5

    0656bbbe239bdf652205c63667a32f30

  • SHA1

    2d2218d00330b71569555410ee0189c17abc6096

  • SHA256

    cf44765b1362895c2c15e2626b6c0118b6dde3e98ab17ead5cb33318bab5b15d

  • SHA512

    ed776a499a4bbea4b30425d78a05e85753939568609da775dec3992ca348165f0a41de7ac50f23b154251f0437f487c30a64d5a07b6f5528f7ac3cd960bda2c8

  • SSDEEP

    1536:6LY4KDFdvUg5uRsIhnV28uDkagbQuNm3S9/gvmWJ583saMiwihtIbbpkp:6LRGFJUGIhV2JDro43Pvh5odMiwaIbb+

Score
10/10
discoverypersistence

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 4 IoCs
    persistence
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 8 IoCs
  • Drops file in System32 directory 6 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 9 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0656bbbe239bdf652205c63667a32f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\0656bbbe239bdf652205c63667a32f30N.exe"
    1⤵
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Loads dropped DLL
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2416
    • C:\Windows\SysWOW64\Lcooinfc.exe
      C:\Windows\system32\Lcooinfc.exe
      2⤵
      • Adds autorun key to be loaded by Explorer.exe on startup
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2256
      • C:\Windows\SysWOW64\Lfnkejeg.exe
        C:\Windows\system32\Lfnkejeg.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2264
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 140
          4⤵
          • Loads dropped DLL
          • Program crash
          PID:2636

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\Lcooinfc.exe
    Filesize

    93KB

    MD5

    5cf0097bfc613b6d00363b20cb90b772

    SHA1

    87c35d336955d41068745223ed549b6488f46c7e

    SHA256

    574ba78cf45e250ffa6de6140b6cb99ca501f0f424eca9dcd950a44e991c49af

    SHA512

    34a2d913e9abca2244be970294748d639eb79a79fe1ff6ce2e89cb11700be0e7d15e70f1cac99c58417e2b77896b68cf975240f5eb3a38a9ed83b8b7e3a4344b

    Download Submit

  • C:\Windows\SysWOW64\Lfnkejeg.exe
    Filesize

    93KB

    MD5

    fe57bb4067d051da5f207ed15508d40c

    SHA1

    a5a3b818a72da609f78b7ab454804c545b42ac70

    SHA256

    2d7beea8f7100b2cb9410f2bd2a2d36bd9793cec710ac6862752934e07481feb

    SHA512

    41c1753db5d3ac9aa5eb71bfb219d37d2a008f46e38f25dd325d81f095ec288a05d9ba942f8ca3644fc4e6626c2203df9b8cac0bf7bb3704cfdb74a7087effa2

    Download Submit

  • memory/2256-26-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2264-27-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2416-0-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2416-25-0x00000000002D0000-0x000000000030E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2416-24-0x00000000002D0000-0x000000000030E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2416-32-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download