Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

109746509c...0N.exe

windows7-x64

10

109746509c...0N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/08/2024, 09:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    109746509cb3d0c491acb84b34970a00N.exe

  • Size

    206KB

  • MD5

    109746509cb3d0c491acb84b34970a00

  • SHA1

    64b419fe500c62c7861b61139bdd682d4c47d5a9

  • SHA256

    7f5ee35316a658826b4a96bc92a0367c7730d43a77f1bbe3270f0c5b25a093b3

  • SHA512

    cbbf6505150d7b71e8560eea162b30b59128ea9189ee05da31d2b418b53f291db233acd9775a4223ab13eee8e1534336e9d87ba5bdc3c3e9e352d6d824997935

  • SSDEEP

    1536:/fsEqouTRcG/Mzvgf7xEuvnXNTRdUzwTekUOisZ1yDDajtXbJd5:/VqoCl/YgjxEufVU0TbTyDDalb5

Score
10/10
discoveryevasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 4 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\109746509cb3d0c491acb84b34970a00N.exe
    "C:\Users\Admin\AppData\Local\Temp\109746509cb3d0c491acb84b34970a00N.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3476
    • \??\c:\windows\resources\themes\explorer.exe
      c:\windows\resources\themes\explorer.exe
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in System32 directory
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2216
      • \??\c:\windows\resources\spoolsv.exe
        c:\windows\resources\spoolsv.exe SE
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:368
        • \??\c:\windows\resources\svchost.exe
          c:\windows\resources\svchost.exe
          4⤵
          • Modifies visiblity of hidden/system files in Explorer
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in System32 directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:4272
          • \??\c:\windows\resources\spoolsv.exe
            c:\windows\resources\spoolsv.exe PR
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            PID:3040

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Resources\Themes\explorer.exe
    Filesize

    206KB

    MD5

    5bd759d47f2be79fcad4f036d44e7e65

    SHA1

    fc216dc7cf6878ee60074fb8d0f89b7862043772

    SHA256

    ca125f72a263da2a9b24c677acfdabbf053a27e1ceeb8f3467d8c977b1c8a0ac

    SHA512

    a74ca4da4f1d71fc7d53b9ae7a97383e454919ab97d9b13eee7d33f182a94a8108d0a8633e0bea9e53128c3a146b5282e418dbd24ec5c310530c116660474283

    Download Submit

  • C:\Windows\Resources\spoolsv.exe
    Filesize

    207KB

    MD5

    ee399a8c65076160a0a4e606c9b925e4

    SHA1

    ebc56713d88698a95599d6aa6fd704ac859c7e99

    SHA256

    1027750911f4e282980350f3af231abc4b0d808f3dd82e0f11d6fc165be3a076

    SHA512

    b43c96e9468bff2b6f8f5894a6baf3c6484d3f6efee61e85542aac57ec6d8f820886d22267d48cb6baa8d12d663e94daa24aee9b42d0593b952a16a750271468

    Download Submit

  • C:\Windows\Resources\svchost.exe
    Filesize

    206KB

    MD5

    be4d3ee77ffa5f00cd5c4d65d55bad85

    SHA1

    cbbeb1ff7c25e48d6e4035ebdbba3b63beac0aa7

    SHA256

    58036666472516392a092f5b235cd918d9582c0e01c321f9c3d5c4bc59ba08b0

    SHA512

    0e943b4440cf240d86bc9166f2b1a9794d435a7391efeff22c4696e2440fee066358cb48794f3f2cdb4f88877b92babc5555c62c6dd2b1c741a5cc39b1a66eb9

    Download Submit

  • memory/368-33-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2216-35-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3040-32-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3476-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3476-34-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4272-36-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download