Analysis
Max time kernel: 103s
Max time network: 104s
Platform: windows10-2004_x64
Resource: win10v2004-20240802-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 25/08/2024, 21:42
Static task: static1
Behavioral task: behavioral1
Sample: 7a04118012045becdd097be62c145e00N.exe
Resource: win7-20240729-en
(The behavioral task listed here used the win7 image, but the YARA matches recorded below are against behavioral2 paths, i.e. the windows10-2004_x64 run listed under Analysis.)
General
Target: 7a04118012045becdd097be62c145e00N.exe
Size: 65KB
MD5: 7a04118012045becdd097be62c145e00
SHA1: 51bfbdfb5b158492a546a813e9611107d7bad7f6
SHA256: 7f9200d64a0be596d0c01b1853ff6ef6d3d0799286265a1b95e2e61de611a15c
SHA512: 5a2a0326aaffbc77606898e9979fb1c96a47762359e74651407eecf4a51e51eec05ea48e4c979815fda16e0a1c11e058691ae800809e90ac949ac7771b75a0ed
SSDEEP: 768:ErzHIr42KUtWafMjFDWkCO05EsCC/s3NhfAoiDCIElPbAX2n0fjr:Er9ZaidWVOEE3NxweIElDAmnqjr
Malware Config
Signatures

Executes dropped EXE (1 IoC)
PID    Process
1480   rmass.exe

YARA rule match: upx (2 IoCs)
Resource                                                                      YARA rule
behavioral2/files/0x000900000002346b-3.dat                                    upx
behavioral2/memory/1480-4-0x0000000000400000-0x0000000000412000-memory.dmp    upx
The second hit is on the mapped image of PID 1480 (rmass.exe, 0x400000-0x412000). A UPX-packed executable unpacks itself in place and keeps its original PE header, so a match on a memory dump shows the UPX markers are still present, not whether the payload had already been unpacked when the dump was taken.

Drops file in System32 directory (2 IoCs)
Description                    IoC                              Process
File created                   C:\Windows\SysWOW64\rmass.exe    7a04118012045becdd097be62c145e00N.exe
File opened for modification   C:\Windows\SysWOW64\rmass.exe    7a04118012045becdd097be62c145e00N.exe
The file lands in SysWOW64, the 32-bit system directory on x64 Windows. A 32-bit process that opens C:\Windows\System32 is redirected to SysWOW64 by WOW64 file-system redirection, so the path the sample requested may have been System32. Either way, creating a file there needs an elevated token: the sandbox's Admin user evidently had one, and on a host where the user is not elevated this step fails and rmass.exe never runs.

System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
An attempt to gather information about the system language of the victim host in order to infer its geographical location.
Description   IoC                                                            Process
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language    7a04118012045becdd097be62c145e00N.exe
Reading this key is also routine for installers and localized software, so on its own it is a weak signal; it matters here in combination with the drop-and-execute chain.
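The YARA rule in the signatures above is named upx, and rules of that kind usually key on UPX's section names next to a near-empty first section and a high-entropy second one. The following is an added example, not code from the Triage report or from Hatching: a standard-library-only PE section walker that reports section names, raw sizes and entropy and flags UPX-style naming. It is exercised on a constructed, fake PE image produced by build_fake_pe(); no bytes of the real sample are embedded, and the layout constants in that builder are assumptions chosen to look like a packed 32-bit PE.

```python
"""Static check for UPX packing by walking PE headers by hand (added example)."""
import hashlib
import math
import struct
from collections import Counter

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}
COFF_HEADER_LEN = 20
SECTION_HEADER_LEN = 40
SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER (40 bytes)


def shannon_entropy(buf):
    """Bits per byte: 0.0 for empty or constant input, close to 8.0 for random bytes."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def pe_sections(data):
    """Return [(name, raw_offset, raw_size), ...] from the PE section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: NumberOfSections at +2, SizeOfOptionalHeader at +16
    num_sections, opt_size = struct.unpack_from("<2xH12xH2x", data, coff)
    table = coff + COFF_HEADER_LEN + opt_size
    sections = []
    for i in range(num_sections):
        fields = struct.unpack_from(SECTION_FMT, data, table + i * SECTION_HEADER_LEN)
        name, _vsize, _va, raw_size, raw_off = fields[:5]
        sections.append((name.rstrip(b"\0"), raw_off, raw_size))
    return sections


def upx_report(data):
    """Per-section (name, raw size, entropy) plus a verdict on UPX section naming."""
    rows = []
    names = set()
    for name, raw_off, raw_size in pe_sections(data):
        names.add(name)
        ent = shannon_entropy(data[raw_off:raw_off + raw_size])
        rows.append((name.decode("latin-1"), raw_size, round(ent, 2)))
    return {"upx_named_sections": bool(names & UPX_SECTION_NAMES), "sections": rows}


def build_fake_pe(names=(b"UPX0", b"UPX1", b".rsrc")):
    """Constructed stand-in for a packed 32-bit PE: valid headers, no real code."""
    # 512 bytes of SHA-256 output stand in for the compressed payload (high entropy).
    packed = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)              # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 0xE0, 0x102)  # i386, 3 sections
    optional = b"\0" * 0xE0                                          # zeroed optional header
    sections = (
        # first section: large virtual size, zero raw size (where UPX unpacks into)
        struct.pack(SECTION_FMT, names[0], 0x10000, 0x1000, 0, 0, 0, 0, 0, 0, 0xE0000080),
        # second section: the packed payload at file offset 0x200
        struct.pack(SECTION_FMT, names[1], 0x1000, 0x11000, len(packed), 0x200, 0, 0, 0, 0, 0xE0000040),
        # resources: 256 zero bytes at file offset 0x400
        struct.pack(SECTION_FMT, names[2], 0x1000, 0x12000, 0x100, 0x400, 0, 0, 0, 0, 0xC0000040),
    )
    header = dos + b"PE\0\0" + coff + optional + b"".join(sections)
    header += b"\0" * (0x200 - len(header))
    return header + packed + b"\0" * 0x100


if __name__ == "__main__":
    print(upx_report(build_fake_pe()))
```

Section names are trivially renamed by anyone who rebuilds the packer, which is why the entropy column is there: a near-empty first section followed by a section whose raw bytes sit above about 7 bits per byte is the structural shape of a UPX-style packer regardless of what the sections are called. Run the report against a real file with upx_report(open(path, "rb").read()).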
Processes
1. C:\Users\Admin\AppData\Local\Temp\7a04118012045becdd097be62c145e00N.exe (PID 4032)
   Command line: "C:\Users\Admin\AppData\Local\Temp\7a04118012045becdd097be62c145e00N.exe"
   - Drops file in System32 directory
   - System Location Discovery: System Language Discovery
   2. C:\Windows\SysWOW64\rmass.exe (PID 1480), child of PID 4032
      Command line: "C:\Windows\SysWOW64\rmass.exe"
      - Executes dropped EXE
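The process tree above is the part of this report that survives outside a sandbox: a process running from a user-writable directory writes an executable into a system directory and then runs it. The following is an added example, not code from the Triage report or from Hatching: a small correlation rule over host telemetry expressed in Sysmon's field vocabulary (EventID 1 = ProcessCreate, EventID 11 = FileCreate). The event list is constructed to mirror the chain above; the image paths and PIDs 4032 and 1480 are taken from the report, while the timestamps, the explorer.exe parent and the two benign noise events are made up for the example.

```python
"""Drop-into-system-dir followed by execution of the dropped file (added example)."""

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\downloads\\", "\\users\\public\\")
EXEC_EXT = (".exe", ".dll", ".scr", ".com")

SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\7a04118012045becdd097be62c145e00N.exe"
DROPPED_PATH = r"C:\Windows\SysWOW64\rmass.exe"

# Constructed events in Sysmon field names; not real telemetry from the sandbox run.
SAMPLE_EVENTS = [
    {"EventID": 1, "UtcTime": "2024-08-25 21:42:10", "ProcessId": 4032,
     "Image": SAMPLE_PATH, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "UtcTime": "2024-08-25 21:42:11", "ProcessId": 4032,
     "Image": SAMPLE_PATH, "TargetFilename": DROPPED_PATH},
    {"EventID": 1, "UtcTime": "2024-08-25 21:42:12", "ProcessId": 1480,
     "Image": DROPPED_PATH, "ParentImage": SAMPLE_PATH},
    # benign noise: a vendor installer under Program Files writes a DLL into System32
    {"EventID": 11, "UtcTime": "2024-08-25 21:43:00", "ProcessId": 5100,
     "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetFilename": r"C:\Windows\System32\vendor.dll"},
    # benign noise: a temp-dir process writes a non-executable into SysWOW64
    {"EventID": 11, "UtcTime": "2024-08-25 21:43:30", "ProcessId": 5200,
     "Image": r"C:\Users\Admin\AppData\Local\Temp\report.exe",
     "TargetFilename": r"C:\Windows\SysWOW64\readme.txt"},
]


def is_user_writable(path):
    """True if the path contains a directory a standard user can write to."""
    return any(seg in path.lower() for seg in USER_WRITABLE)


def is_system_dir_executable(path):
    """True for an executable-type file directly under System32 or SysWOW64."""
    p = path.lower()
    return p.startswith(SYSTEM_DIRS) and p.endswith(EXEC_EXT)


def find_drop_and_execute(events):
    """One finding per executable dropped from a user-writable dir into a system dir and later run.

    Events are processed in time order; a FileCreate that matches is remembered by
    target path, and a later ProcessCreate whose Image is that path closes the chain.
    parent_is_dropper records whether the dropper itself launched the file.
    """
    pending = {}  # lowercased dropped path -> the FileCreate event that wrote it
    findings = []
    for ev in sorted(events, key=lambda e: e["UtcTime"]):
        if ev["EventID"] == 11:
            if is_user_writable(ev["Image"]) and is_system_dir_executable(ev["TargetFilename"]):
                pending[ev["TargetFilename"].lower()] = ev
        elif ev["EventID"] == 1:
            drop = pending.get(ev["Image"].lower())
            if drop is None:
                continue
            findings.append({
                "dropper": drop["Image"], "dropper_pid": drop["ProcessId"],
                "dropped": ev["Image"], "dropped_pid": ev["ProcessId"],
                "drop_time": drop["UtcTime"], "exec_time": ev["UtcTime"],
                "parent_is_dropper": ev["ParentImage"].lower() == drop["Image"].lower(),
            })
    return findings


if __name__ == "__main__":
    for f in find_drop_and_execute(SAMPLE_EVENTS):
        print(f)
```

Two caveats for deploying something like this. The "Key opened" entry for NLS\Language in the signatures comes from the sandbox's API-level hooks; Sysmon records registry creates, deletes, renames and value sets (EventIDs 12 to 14) but not key opens or reads, so that part of the report has no equivalent in Sysmon telemetry and the drop-and-execute chain is the observable to build on. Second, the rule keys on the path the file was written to; because WOW64 redirects a 32-bit process's writes to C:\Windows\System32 into SysWOW64, both directories are in SYSTEM_DIRS so the match does not depend on which name the malware used.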
Network
(no network entries)

MITRE ATT&CK Enterprise v15
Discovery: System Location Discovery: System Language Discovery (T1614.001), from the NLS\Language registry key opened by the sample.
Downloads
A 62KB file with hashes distinct from the submitted 65KB sample; the extracted report does not carry its name.
Filesize: 62KB
MD5: 77a4c21fcb8f862e4fe0d8e5dc856e6b
SHA1: 7472cf691767f0988fa485079a0485aaf49d684d
SHA256: 80dd66cc00249029f4743607aef8d1c2fefb46497dc4a1d3e6e330c58a4debe8
SHA512: a3a1c8412b04409f1ba864e13b6559ad3c9299b6c96e42b61252e0d7400b21f52422ac13537a70e075ca9bd3b60a550fc8b540d7a83e05e2507812b6581012de