Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
29/08/2024, 00:11
Static task
static1
Behavioral task
behavioral1
Sample
9db80d7a17839a504186eb72675d0610N.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
9db80d7a17839a504186eb72675d0610N.exe
Resource
win10v2004-20240802-en
General
-
Target
9db80d7a17839a504186eb72675d0610N.exe
-
Size
3.9MB
-
MD5
9db80d7a17839a504186eb72675d0610
-
SHA1
1706e1497197bcc9e59dab4acc8a7b3d607d525a
-
SHA256
46eb8209dd54aad593c8f0b7db8bb7ded6028bedfd60ace2561e05885b2bde10
-
SHA512
4aaf017f24ec6aa9bb14b08a999234682d2bdf683f5435e721c55c2d9a78eaa36c1aee59f31922feff2b458211fc0b0c82a1e1e11865255679c8f92d71eb59a4
-
SSDEEP
3072:ZowahJ0y5iDe02mtTBf6NNFyxXA+33333333333333333333333333333333333C:YP5CeEtTB8FyxX0
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2392 svmssc.exe -
Executes dropped EXE 1 IoCs
pid Process 2392 svmssc.exe -
Loads dropped DLL 3 IoCs
pid Process 2392 svmssc.exe 2392 svmssc.exe 2392 svmssc.exe -
Drops file in Program Files directory 3 IoCs
description ioc Process File opened for modification C:\Program Files\Microsoft Explorer\svmssc.exe 9db80d7a17839a504186eb72675d0610N.exe File opened for modification C:\Program Files\Microsoft Explorer 9db80d7a17839a504186eb72675d0610N.exe File created C:\Program Files\Microsoft Explorer\svmssc.exe 9db80d7a17839a504186eb72675d0610N.exe -
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 9db80d7a17839a504186eb72675d0610N.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svmssc.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2104 9db80d7a17839a504186eb72675d0610N.exe 2392 svmssc.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\9db80d7a17839a504186eb72675d0610N.exe"C:\Users\Admin\AppData\Local\Temp\9db80d7a17839a504186eb72675d0610N.exe"1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2104
-
C:\Program Files\Microsoft Explorer\svmssc.exe"C:\Program Files\Microsoft Explorer\svmssc.exe"1⤵
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2392
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
18.3MB
MD5a30da6980af06b8026a8e69977e1f2a1
SHA14a59c9765388cdc7fd4ad7f99b3b321eac2b2928
SHA256974ae484e2b2e6510219262a78216cbcbe457674741935613064a058a344e49f
SHA5123c0e08fadebea5d80c23cf8a8b5e8aac398ab0c0e6623c993ce541a69647db1659401b40585cc923c366d6d25e45b2b9c310c0d5d1e109b99d4b9a97ca99d826
-
Filesize
71B
MD5501ee405233c8380a3337f715b52f236
SHA102428f67a123fdbb71cfe4b10db8686e4be24e80
SHA25686a68180aff5c4a01d7c4c835c56e59f8bd7e51f5411ac48f80315beacaa8449
SHA5126f39d482926027420429c39bee308e17002a65d19e54ee6d765b75b305631a4e1db78b3ee3b363e511d2f7fe4328d8738edcc55578be5476d3c8838b3831e99d