Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
15s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system -
submitted
24/08/2024, 00:59
Static task
static1
Behavioral task
behavioral1
Sample
90cf4194a0f5012f79836f5eca571ab0N.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
90cf4194a0f5012f79836f5eca571ab0N.exe
Resource
win10v2004-20240802-en
General
-
Target
90cf4194a0f5012f79836f5eca571ab0N.exe
-
Size
768KB
-
MD5
90cf4194a0f5012f79836f5eca571ab0
-
SHA1
ae1a878b51d5878886781e34daf48b0b84324670
-
SHA256
c076bf0a691a858c0ba7ae52a49681e42ed3b045d0a978beeee8dd2cd3197ebe
-
SHA512
1dd3488c75c314a276100df589082ceca940a576102abd68c384b33823ce6e32183c020034638934ec2521ced439b5b36880bef9a5a30a5603a361e3b9a51741
-
SSDEEP
12288:sPKTf/z2sWmUJXfbCAf9CAfK4AXygqfwWCAfK4AXygqfYCAfRCAT:sPgdWLdfb9f99foigY79foigYY9fR9
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2012 90cf4194a0f5012f79836f5eca571ab0N.exe -
Executes dropped EXE 1 IoCs
pid Process 2012 90cf4194a0f5012f79836f5eca571ab0N.exe -
Loads dropped DLL 1 IoCs
pid Process 2360 90cf4194a0f5012f79836f5eca571ab0N.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 90cf4194a0f5012f79836f5eca571ab0N.exe -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 2360 90cf4194a0f5012f79836f5eca571ab0N.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2360 wrote to memory of 2012 2360 90cf4194a0f5012f79836f5eca571ab0N.exe 32 PID 2360 wrote to memory of 2012 2360 90cf4194a0f5012f79836f5eca571ab0N.exe 32 PID 2360 wrote to memory of 2012 2360 90cf4194a0f5012f79836f5eca571ab0N.exe 32 PID 2360 wrote to memory of 2012 2360 90cf4194a0f5012f79836f5eca571ab0N.exe 32
Processes
-
C:\Users\Admin\AppData\Local\Temp\90cf4194a0f5012f79836f5eca571ab0N.exe"C:\Users\Admin\AppData\Local\Temp\90cf4194a0f5012f79836f5eca571ab0N.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2360 -
C:\Users\Admin\AppData\Local\Temp\90cf4194a0f5012f79836f5eca571ab0N.exeC:\Users\Admin\AppData\Local\Temp\90cf4194a0f5012f79836f5eca571ab0N.exe2⤵
- Deletes itself
- Executes dropped EXE
PID:2012
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
768KB
MD5d67427b6743de2e354ad04ed8699d8ad
SHA1a2983403aa99fe3f17e8caab5d352bc5005713ef
SHA256793155ed22e989b2132aef6ee543f2fa13fcfa184d9cfe2f63240d753854de75
SHA512b6d98758212afa26c23df80f31b1b275de72d316af71bb339dc0e2c96fce115edb1061b15a612abcfe0c76fd91d288bf7c71e71950bab19e44b83b74a518ff57