Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
17s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
29/08/2024, 13:10
General
-
Target
744335901ff9a68bf197e0669d073390N.exe
-
Size
1.9MB
-
MD5
744335901ff9a68bf197e0669d073390
-
SHA1
84a3648b7d2d9c983e1faefd8bdeb7547aa43392
-
SHA256
1d9a9a8d1da327f36e5f6816b37ba24b0abd5054dcdee4018f708b9f7ac8d3f2
-
SHA512
878b5a45ad7461c5ef9e71c536159d53e35ee40c6e4e5cdec9d8c9149237aabe57cc5f2803b9b456485271b9d1c48affbe958fbc292c5b2f7777d0b004756081
-
SSDEEP
49152:Taxl0gXDWVetuRZmXYZmSadfqkbazR0vKLXZV:O3sxRZmIZmSadfqoatuKLXZV
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\744335901ff9a68bf197e0669d073390N.exe"C:\Users\Admin\AppData\Local\Temp\744335901ff9a68bf197e0669d073390N.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3A62.tmp"C:\Users\Admin\AppData\Local\Temp\3A62.tmp"2⤵
- Deletes itself
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.9MB
MD5013853d87f626230cc255adfd5b30dba
SHA10a6ddcc43499489fa8b44bab54a3a8611775a805
SHA25635e66ab95c55b782a3a6835797c1f93695a2ac3e10501c67c4e4407573f21f2c
SHA512316b25a39f087f3d6c18ece0ce7a98f9ecf472831a8f11f3b1943edeef6dfdd798212aa299a94a05b36a02dfb3dccc1fe287ed66a1088996a062b8d9a2e51028