Analysis
max time kernel: 134s
max time network: 128s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24/08/2024, 08:15
Static task: static1
Behavioral task: behavioral1
  Sample: 147e98ff6924c6360558581211eb0ff5eba41620a54ff4ab8bf2d07d5785832a.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 147e98ff6924c6360558581211eb0ff5eba41620a54ff4ab8bf2d07d5785832a.exe
  Resource: win10v2004-20240802-en
General
Target: 147e98ff6924c6360558581211eb0ff5eba41620a54ff4ab8bf2d07d5785832a.exe
Size: 5.3MB
MD5: e27d1953bcae0cf004b9c22dd5793479
SHA1: 23f6f4bcc21c51b02313f069bb32d7dbe6db3c10
SHA256: 147e98ff6924c6360558581211eb0ff5eba41620a54ff4ab8bf2d07d5785832a
SHA512: 9ad9f6fdf76267cada279784e8e5c360db33b85167ef163576de66e559797800aea9ae32fa756c2a944c19cc3fadec420dba027f2fad4fae8b6255070d4da56c
SSDEEP: 98304:tcdJhneoPrQKGc4E9PjKjT5QZvG0NDxx0AJBAUZLF:tcR9rnXe8G0N9xhJVJ
Malware Config
Signatures
Loads dropped DLL (1 IoC)
  pid 3196  process 147e98ff6924c6360558581211eb0ff5eba41620a54ff4ab8bf2d07d5785832a.exe
Program crash (1 IoC)
  pid 5088  pid_target 3196  process WerFault.exe  procid_target 83
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempts to gather information about the system language of the victim host in order to infer its geographical location.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  process 147e98ff6924c6360558581211eb0ff5eba41620a54ff4ab8bf2d07d5785832a.exe
Suspicious use of SetWindowsHookEx (2 IoCs)
  pid 3196  process 147e98ff6924c6360558581211eb0ff5eba41620a54ff4ab8bf2d07d5785832a.exe
  pid 3196  process 147e98ff6924c6360558581211eb0ff5eba41620a54ff4ab8bf2d07d5785832a.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\147e98ff6924c6360558581211eb0ff5eba41620a54ff4ab8bf2d07d5785832a.exe  "C:\Users\Admin\AppData\Local\Temp\147e98ff6924c6360558581211eb0ff5eba41620a54ff4ab8bf2d07d5785832a.exe"  (PID 3196)
   - Loads dropped DLL
   - System Location Discovery: System Language Discovery
   - Suspicious use of SetWindowsHookEx
   2. C:\Windows\SysWOW64\WerFault.exe  C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 1016  (PID 5088)
      - Program crash
1. C:\Windows\SysWOW64\WerFault.exe  C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3196 -ip 3196  (PID 4944)
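The two findings above that an analyst most often wants to reproduce outside the sandbox are the System Language Discovery registry read (T1614.001) and the link between the WerFault.exe helpers and the process they were launched for. The script below is an added example, not code from tria.ge or from Hatching's tooling: it re-derives both findings from a constructed, Sysmon-style event list built from the PIDs, paths and command lines shown in this report. The `(event_type, pid, image, detail)` tuple layout and the `registry_open` / `process_create` labels are a simplification of real telemetry schemas and are an assumption of this example, as is the inclusion of the `CurrentControlSet` alias of the NLS key.

```python
"""Re-derive two tria.ge findings from constructed process/registry events.

Added example; the event records are constructed from the report's own
PIDs and command lines, the field layout is an assumption of this script.
"""
import re
from collections import defaultdict

# Registry paths whose read indicates system-language discovery (T1614.001).
# The ControlSet001 key is the one the report shows being opened; the
# CurrentControlSet alias is added here as an assumption, because endpoint
# tooling commonly reports the key under that name instead.
LANGUAGE_KEYS = (
    r"\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LANGUAGE",
    r"\REGISTRY\MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\NLS\LANGUAGE",
)

SAMPLE = "147e98ff6924c6360558581211eb0ff5eba41620a54ff4ab8bf2d07d5785832a.exe"
SAMPLE_PATH = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" + SAMPLE
WERFAULT = "C:\\Windows\\SysWOW64\\WerFault.exe"

# Constructed events in the order the report's process tree implies:
# (event_type, pid, image, detail) where detail is the command line for a
# process_create event and the registry path for a registry_open event.
EVENTS = [
    ("process_create", 3196, SAMPLE_PATH, f'"{SAMPLE_PATH}"'),
    ("registry_open", 3196, SAMPLE_PATH,
     r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"),
    ("process_create", 5088, WERFAULT, WERFAULT + " -u -p 3196 -s 1016"),
    ("process_create", 4944, WERFAULT, WERFAULT + " -pss -s 404 -p 3196 -ip 3196"),
]


def is_language_key(path):
    """True if the registry path is one of the locale keys (case-insensitive)."""
    return path.upper() in LANGUAGE_KEYS


def language_discovery(events):
    """Return (pid, image) for every process that opened a system-language key."""
    return [(pid, image) for etype, pid, image, detail in events
            if etype == "registry_open" and is_language_key(detail)]


# "-p <pid>" as its own switch; "-pss" and "-ip" must not match.
_WERFAULT_PID = re.compile(r"(?:^|\s)-p\s+(\d+)")


def werfault_target(cmdline):
    """PID that WerFault.exe was invoked for, taken from its -p switch.

    Returns None for non-WerFault command lines or when no -p switch is present.
    """
    if "werfault.exe" not in cmdline.lower():
        return None
    m = _WERFAULT_PID.search(cmdline)
    return int(m.group(1)) if m else None


def crashed_processes(events):
    """Map each crashed PID to its image and the WerFault helper PIDs spawned for it."""
    images = {pid: image for etype, pid, image, _ in events if etype == "process_create"}
    helpers = defaultdict(list)
    for etype, pid, _image, detail in events:
        if etype != "process_create":
            continue
        target = werfault_target(detail)
        if target is not None:
            helpers[target].append(pid)
    return {t: {"image": images.get(t), "handlers": sorted(h)} for t, h in helpers.items()}


def summarize(events):
    """Both findings in one dict, the shape a triage script would emit."""
    return {"language_discovery": language_discovery(events),
            "crashes": crashed_processes(events)}


if __name__ == "__main__":
    for key, value in summarize(EVENTS).items():
        print(key, value)
```

Note that the report attributes the "Program crash" IoC to PID 5088 only, but both WerFault.exe instances carry `-p 3196`, so the parser links 4944 and 5088 to the sample; when reproducing the report's count, filter on the `-u` instance. Matching the key case-insensitively matters because the same key appears as `ControlSet001` in the report and in upper case in the constant table.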
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 2.8MB
MD5: 4c8066482756bd927aff4cf1df9aa5a6
SHA1: 9830f4bbf827c3b0179a94e70d275dbf819fdfc6
SHA256: 72f2ab23ff9895118114d16faddd1b59b8d6d9a9a2f6792290671b6c21ed704f
SHA512: 40531913516c9c684b5c1f1508f39498d1a89aec07774965926ef5f563ead9d3c00cb218f3f7e9febd0e773cbd2c35559eb2e1732f8a8e798691989e565123c6