Analysis

  • max time kernel
    34s
  • max time network
    64s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    23/08/2024, 08:38

General

  • Target

    71715bd5a7b3e0f205a48191c6e96c30N.exe

  • Size

    1.3MB

  • MD5

    71715bd5a7b3e0f205a48191c6e96c30

  • SHA1

    546e19172691ca8e6a0105b00e636a6280e6a5b4

  • SHA256

    bcf6163f18f622abb0d947a6f168fd9c9365a0c48a91969f2cc60c7d3e3c23e5

  • SHA512

    579bf8d135d68169d7e89116b43714345d175075b1fb56bf08737d3ce0237cdc0eb85faaad1d8be54bc696112340af79b63cc26d596309f52483f45baaf2f5f4

  • SSDEEP

    24576:D88nWu4F9ISOa7NqiswdtGZWUUW59QiXza/ZSjXuF77Lv+f6T8Qnskb2i6OBKaBp:Db0ZJ+ZHqKgGXuFbq4TT+E

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\71715bd5a7b3e0f205a48191c6e96c30N.exe
    "C:\Users\Admin\AppData\Local\Temp\71715bd5a7b3e0f205a48191c6e96c30N.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2400
    • C:\Users\Admin\AppData\Local\Temp\71715bd5a7b3e0f205a48191c6e96c30N.exe
      C:\Users\Admin\AppData\Local\Temp\71715bd5a7b3e0f205a48191c6e96c30N.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of UnmapMainImage
      PID:2980

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\71715bd5a7b3e0f205a48191c6e96c30N.exe

    Filesize

    1.3MB

    MD5

    0801c91715aa0a56afa0283be24b53d5

    SHA1

    c27930697ebdc31f05b3e001245f9dcedbfa0993

    SHA256

    5501fa1ce32862f65ed52fba6afd6fdb6a946b641faf97cf94d208d5fe9c6128

    SHA512

    bfaef52d8510fee9269b4feb07af8a5d5ca2bfa7d89807dd29baf27e48accdd32b34f5334b53bd68c8b422b361290055a13d8dd27624550897ce70f79eeeaaf6

  • memory/2400-0-0x0000000000400000-0x00000000004EF000-memory.dmp

    Filesize

    956KB

  • memory/2400-7-0x0000000000400000-0x00000000004EF000-memory.dmp

    Filesize

    956KB

  • memory/2980-9-0x0000000000400000-0x00000000004EF000-memory.dmp

    Filesize

    956KB

  • memory/2980-10-0x0000000000400000-0x00000000004A3000-memory.dmp

    Filesize

    652KB

  • memory/2980-16-0x0000000002E90000-0x0000000002F7F000-memory.dmp

    Filesize

    956KB

  • memory/2980-30-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

  • memory/2980-36-0x000000000ECF0000-0x000000000ED93000-memory.dmp

    Filesize

    652KB

  • memory/2980-37-0x0000000000400000-0x00000000004EF000-memory.dmp

    Filesize

    956KB