Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    115s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/08/2024, 16:02

General

  • Target

    0343f7d9824f51e45c9cc6ffbe4a1c20N.exe

  • Size

    212KB

  • MD5

    0343f7d9824f51e45c9cc6ffbe4a1c20

  • SHA1

    81ea1a3648e3b9d4903398502cc5ac8fbd0a843a

  • SHA256

    915e637e9e56872ab8f1318ea2aa2434c5161cd6bf289076ebecac66db6bd25b

  • SHA512

    83c21afce52224b8b70be568e7bc6d90a4539984c627979bf7a1d172396e054496dd981ac95b0e8b0332467e9214188929974ec49fd5068f2f3b91e9f5e6b2e3

  • SSDEEP

    3072:jLk395hYXJLM/6tdrHF3AHEAHVxd/Y/6fV4xRrB9sTQt4Ge9tBBTWw0vlT4H7n+B:jQqqWQkAHJX4XYkY9Pow0vlT4+B

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0343f7d9824f51e45c9cc6ffbe4a1c20N.exe
    "C:\Users\Admin\AppData\Local\Temp\0343f7d9824f51e45c9cc6ffbe4a1c20N.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4572
    • C:\Users\Admin\AppData\Local\Temp\0343f7d9824f51e45c9cc6ffbe4a1c20N.exe
      "C:\Users\Admin\AppData\Local\Temp\0343f7d9824f51e45c9cc6ffbe4a1c20N.exe"
      2⤵
        PID:4384
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 852
        2⤵
        • Program crash
        PID:2172
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4572 -ip 4572
      1⤵
        PID:2976

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\nsj9C22.tmp\System.dll

        Filesize

        11KB

        MD5

        c17103ae9072a06da581dec998343fc1

        SHA1

        b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

        SHA256

        dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

        SHA512

        d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

      • memory/4572-12-0x00000000022F0000-0x00000000022F2000-memory.dmp

        Filesize

        8KB