Analysis
max time kernel: 99s
max time network: 118s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24/08/2024, 23:36
Static task: static1
Behavioral task: behavioral1
Sample: c92d98d875a16e21a2e3819b8ad1c9f0N.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: c92d98d875a16e21a2e3819b8ad1c9f0N.exe
Resource: win10v2004-20240802-en
General
Target: c92d98d875a16e21a2e3819b8ad1c9f0N.exe
Size: 94KB
MD5: c92d98d875a16e21a2e3819b8ad1c9f0
SHA1: 2faaace607428c77293ecab6b55ee23df7ee16d3
SHA256: ad7963d2d44ae34de42ad5ebd5f3446a2bfaa43b2cfbe7d74f639b8d9f3eacff
SHA512: fd126e090dabc502d53f1e38d999033b1324492cb438b810288f61c2ab74cdca6e0f837133365795e3d7ad4eb270b593c719de48bc65885ae7995fad4905de9f
SSDEEP: 1536:ZY9QqDLnx1USBGvEJHKr88+FcG8fNRsBIlx/DPIP6PONWQIDYNuJ+Zdjsa:i6qPx1jBGcJM88+cIW37Pe6hhUNuUZRx
Malware Config
Signatures
Deletes itself (1 IoCs)
pid | Process
456 | c92d98d875a16e21a2e3819b8ad1c9f0N.exe
Executes dropped EXE (1 IoCs)
pid | Process
456 | c92d98d875a16e21a2e3819b8ad1c9f0N.exe
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | c92d98d875a16e21a2e3819b8ad1c9f0N.exe
Suspicious behavior: RenamesItself (1 IoCs)
pid | Process
944 | c92d98d875a16e21a2e3819b8ad1c9f0N.exe
Suspicious use of UnmapMainImage (2 IoCs)
pid | Process
944 | c92d98d875a16e21a2e3819b8ad1c9f0N.exe
456 | c92d98d875a16e21a2e3819b8ad1c9f0N.exe
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 944 wrote to memory of 456 | 944 | c92d98d875a16e21a2e3819b8ad1c9f0N.exe | 85
PID 944 wrote to memory of 456 | 944 | c92d98d875a16e21a2e3819b8ad1c9f0N.exe | 85
PID 944 wrote to memory of 456 | 944 | c92d98d875a16e21a2e3819b8ad1c9f0N.exe | 85
Processes
PID:944
Image: C:\Users\Admin\AppData\Local\Temp\c92d98d875a16e21a2e3819b8ad1c9f0N.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\c92d98d875a16e21a2e3819b8ad1c9f0N.exe"
- System Location Discovery: System Language Discovery
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
    PID:456
    Image: C:\Users\Admin\AppData\Local\Temp\c92d98d875a16e21a2e3819b8ad1c9f0N.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\c92d98d875a16e21a2e3819b8ad1c9f0N.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 94KB
MD5: 73f81b5cf966ebeaa23a835b8538f395
SHA1: 989fd21b6050abc673f424df51277b7dbaa72e26
SHA256: a72fede629daeee0332272979c3c9aa5720b3eebb0e74823e42a01ef14847365
SHA512: 21b53b3c14697bad918eaa5c7d4fc0c287da76d5e9f31cdd26cbb8e3779d249b81adfb267a3c5dec68fbdeb0e623639fe3a4d188a9da3d8b2f44818b3122f682