Analysis

  • max time kernel
    132s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/09/2024, 01:46

General

  • Target

    1e82a1ab1f4053a3088c9daf615cacecac453333f167feee0dbc1e0bfb86559b.exe

  • Size

    15KB

  • MD5

    7882288d4d55b9ef88e18a8e4eaae9fa

  • SHA1

    15896423031607b8631e0ae77f02766cc8741577

  • SHA256

    1e82a1ab1f4053a3088c9daf615cacecac453333f167feee0dbc1e0bfb86559b

  • SHA512

    0e4ef0e0a03ea741f52f549a6b329017df12c7bcde5de41af3dad8a2d71edf50dfd65b7e154d7598c618e83027471d8787ce89126fa1cd51642bc91f53390b34

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4Yh4cnwCgr:hDXWipuE+K3/SSHgx/wCU

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 6 IoCs
  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1e82a1ab1f4053a3088c9daf615cacecac453333f167feee0dbc1e0bfb86559b.exe
    "C:\Users\Admin\AppData\Local\Temp\1e82a1ab1f4053a3088c9daf615cacecac453333f167feee0dbc1e0bfb86559b.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2284
    • C:\Users\Admin\AppData\Local\Temp\DEME4A4.exe
      "C:\Users\Admin\AppData\Local\Temp\DEME4A4.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2576
      • C:\Users\Admin\AppData\Local\Temp\DEM39E5.exe
        "C:\Users\Admin\AppData\Local\Temp\DEM39E5.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2440
        • C:\Users\Admin\AppData\Local\Temp\DEM8F83.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM8F83.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2520
          • C:\Users\Admin\AppData\Local\Temp\DEME659.exe
            "C:\Users\Admin\AppData\Local\Temp\DEME659.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:944
            • C:\Users\Admin\AppData\Local\Temp\DEM3C07.exe
              "C:\Users\Admin\AppData\Local\Temp\DEM3C07.exe"
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:1648
              • C:\Users\Admin\AppData\Local\Temp\DEM9212.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM9212.exe"
                7⤵
                • Executes dropped EXE
                PID:2864

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM39E5.exe

    Filesize

    15KB

    MD5

    2ab1079e737f61805e9e9d232500d39a

    SHA1

    0bf324f4ad3b1179f5918737428599d007031738

    SHA256

    d1abe51911f8273c7d7c12cda9ef30fceeda8068b0568fe1e6dfdd4af1981bd0

    SHA512

    ac2f3ab95f2d0109cdfcb1cb4e4a92d8eef61d33477a37e40e30903fd0169b8b51e365f90bf80984eac8fa0b29166eab2b1847f20cf9449e9ea3183621230034

  • C:\Users\Admin\AppData\Local\Temp\DEM3C07.exe

    Filesize

    15KB

    MD5

    336f5720c30e8cb0d6b97ebadd8c5d5c

    SHA1

    6a69ff48620f8eadbdd1942da8f3586499681eee

    SHA256

    b7c44119b8e39dd3f6eaffbf57924c5a34a220b247f2463e38c6cc45314cb5b5

    SHA512

    a103ebf2e5d6a3cd0d43b93fcc13ae9106cec1f0d41a08c3294b205f8e740c8a1bbc60ada793014d9e5222c184b91331e503d7c4027c593b45f0f7a4da2c5c84

  • \Users\Admin\AppData\Local\Temp\DEM8F83.exe

    Filesize

    15KB

    MD5

    fccd6e10fc62421ff3bef93873a76ddd

    SHA1

    35d5fb19720e3633660ee107fcd28ab96ff569c1

    SHA256

    628ca72f45994930d1d0d5b9e8dfdbb0d150738799262e9168a574cd8eaf6f33

    SHA512

    69065faac7b18328070803e097e07c41742fded00a2fc223609973691931d062fcf2a34b32c545c503f123a513ca9179b891b019cdb1d65b96e9c48253f43457

  • \Users\Admin\AppData\Local\Temp\DEM9212.exe

    Filesize

    15KB

    MD5

    3c833e537580460b451b4f5dcb9bab48

    SHA1

    cd6b033ca7b160b0e53ac629703d2db5d82c7620

    SHA256

    8ffdd9a9e50e80357d8ffd5451eaced02dba281a98b1669168e498f1af3c6144

    SHA512

    f5e2b531d10cb22c89073374613e8c44cc1d21765a95260e6ef163a6d37cef40976958feace2a18218cb6a68215d121b82f810ee026b96d8bf069a4e6ff78d49

  • \Users\Admin\AppData\Local\Temp\DEME4A4.exe

    Filesize

    15KB

    MD5

    216eb2f86b6c5da240736bc6198cd775

    SHA1

    8f16a000b8656d15a6526e394fea11b36abcfbc5

    SHA256

    00a974a9e45ff7dab45aebf7ae059213497e07f52853088b3da7e2e7613d5df9

    SHA512

    144bf2052c6f6e905d996efd213f9d8a4f611d0814f913f420da4b4f7c7e21b3845b7ff2cedaefe4c6b0a8fc40ca9c8af143a1d8522f7414ef613c478fbd77a1

  • \Users\Admin\AppData\Local\Temp\DEME659.exe

    Filesize

    15KB

    MD5

    f93edebae586297bf9c9bd331405c86f

    SHA1

    c6c80d0f18e3c2d267fdc99859855173984df21b

    SHA256

    76985403a5697b0febb6193e9c91ebe40d3bdc3bafe4653547090aded18967e1

    SHA512

    e9a053ceacec23eed1b4081ba9dac42b9f46f861e40c37182ec907996631b56648a4bc2a94dc7da43e15af3590c5d2fe6397159c336ee73c86b34889ecc531f8