Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system -
submitted
02/09/2024, 13:15
Behavioral task
behavioral1
Sample
decc924c5d9724166e627622abfe52636a28c89253307aa88966c70b77a3e1a6.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
decc924c5d9724166e627622abfe52636a28c89253307aa88966c70b77a3e1a6.exe
Resource
win10v2004-20240802-en
General
-
Target
decc924c5d9724166e627622abfe52636a28c89253307aa88966c70b77a3e1a6.exe
-
Size
21.6MB
-
MD5
f627f381233039bae67494833c9c034e
-
SHA1
a70f577fef3a7bd4c59d7c52a273e5a9444c0a3a
-
SHA256
decc924c5d9724166e627622abfe52636a28c89253307aa88966c70b77a3e1a6
-
SHA512
597b7c6c3b8486f2bdab7d8447be87d861dc0fc918615b061bb8888f4b69d5732eea2b8b682e32c67fcb264cee88829a222e75d4e42e542090ab9613ccb90a25
-
SSDEEP
393216:yt1aJNdbPmYRQK7+8KobA50pf0P1y1wwZmUh/lbTtJQlM5GB46LY8kX:yfidbrRQOKoXpfU1CwwZmElP0M5GWhrX
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
pid Process 844 decc924c5d9724166e627622abfe52636a28c89253307aa88966c70b77a3e1a6.exe -
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language decc924c5d9724166e627622abfe52636a28c89253307aa88966c70b77a3e1a6.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language decc924c5d9724166e627622abfe52636a28c89253307aa88966c70b77a3e1a6.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 3032 wrote to memory of 844 3032 decc924c5d9724166e627622abfe52636a28c89253307aa88966c70b77a3e1a6.exe 31 PID 3032 wrote to memory of 844 3032 decc924c5d9724166e627622abfe52636a28c89253307aa88966c70b77a3e1a6.exe 31 PID 3032 wrote to memory of 844 3032 decc924c5d9724166e627622abfe52636a28c89253307aa88966c70b77a3e1a6.exe 31 PID 3032 wrote to memory of 844 3032 decc924c5d9724166e627622abfe52636a28c89253307aa88966c70b77a3e1a6.exe 31
Processes
-
C:\Users\Admin\AppData\Local\Temp\decc924c5d9724166e627622abfe52636a28c89253307aa88966c70b77a3e1a6.exe"C:\Users\Admin\AppData\Local\Temp\decc924c5d9724166e627622abfe52636a28c89253307aa88966c70b77a3e1a6.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3032 -
C:\Users\Admin\AppData\Local\Temp\decc924c5d9724166e627622abfe52636a28c89253307aa88966c70b77a3e1a6.exe"C:\Users\Admin\AppData\Local\Temp\decc924c5d9724166e627622abfe52636a28c89253307aa88966c70b77a3e1a6.exe"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:844
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4.2MB
MD52a9c5db70c6906571f2ca3a07521baa2
SHA1765fa27bbee6a02b20b14b2b78c92a880e6627e5
SHA256c69ce89b0487d86a63b64951207781f8051282afde67b20d3b8374c1a067f611
SHA512fa4a677eaae2d258ac4f083a4e7009d985523b964ada93f53dc399a88c14970c7be2d2f39a7b38a922b58d134df2ede954554dcd00a4895e4273161867acac53
-
Filesize
4B
MD5365c9bfeb7d89244f2ce01c1de44cb85
SHA1d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1