Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

4e6dc2fa38...0N.exe

windows7-x64

7

4e6dc2fa38...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    24/08/2024, 21:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4e6dc2fa38c29a57efba970606175700N.exe

  • Size

    76KB

  • MD5

    4e6dc2fa38c29a57efba970606175700

  • SHA1

    8c18725a98eb92de6805ecc5ce04908fd386bdb4

  • SHA256

    6a2adf37171733bc65e369b17db18c0ae7e2220032421c7bf3c5d72316b94fe9

  • SHA512

    475d07acd21be5e290f9913fb0a5723055f3c2f7abaf1de85c82f43363a0332fa9c2f97a55f2a2008e080fc716756ad5ea92ba20316af3b0127622ce2e9a316b

  • SSDEEP

    1536:86RAo0ej2d6rnJwwvlNlIUBvsI7hrhEh9cpDN43vBKMvWPqH5kYhpvEHchVvhESN:xAo1lOwvlNlXBvsI7hrhEh9cpDN43vBl

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4e6dc2fa38c29a57efba970606175700N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e6dc2fa38c29a57efba970606175700N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2264
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:2772

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    76KB

    MD5

    3ab338b8b8c71358e333dccf7af1efc6

    SHA1

    20bc04316815b7a242db12b3091aa903331504a1

    SHA256

    426ad0304cf568a54aff659457dd3e50c959c7f88a30d6728c309732efc8687c

    SHA512

    d3bd87c6bdad29b13f215ba20f52152fdce1817e53e7cceabdef0a88fc971e41492f76f3ebb06c840418f3392f5f030c794e5b8d2d4aa3c48509c72da4e0ac4c

    Download Submit

  • memory/2264-0-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2264-6-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2772-8-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2772-10-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download