Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

5761b48a87...df.exe

windows7-x64

7

5761b48a87...df.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    133s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/09/2024, 06:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5761b48a873f44d6eb34916f429536e24a7f955f8a81ce006f93a863c1f8e7df.exe

  • Size

    15KB

  • MD5

    7c58ed3ec40b9640da0426a8ec30efe5

  • SHA1

    6d2b6b57e9ac6674e0ef5e98cee9fe0e54d9bd2b

  • SHA256

    5761b48a873f44d6eb34916f429536e24a7f955f8a81ce006f93a863c1f8e7df

  • SHA512

    78794b13879b2ce14042587d884b4a8765767de06587cdc5a979b11df00ac94ac8a0fe1b172ba5ad2f99390e5ca5f46ab91c56f2c33a5f2662d389505122c3b7

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4Yhhid:hDXWipuE+K3/SSHgxLid

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5761b48a873f44d6eb34916f429536e24a7f955f8a81ce006f93a863c1f8e7df.exe
    "C:\Users\Admin\AppData\Local\Temp\5761b48a873f44d6eb34916f429536e24a7f955f8a81ce006f93a863c1f8e7df.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3512
    • C:\Users\Admin\AppData\Local\Temp\DEMB640.exe
      "C:\Users\Admin\AppData\Local\Temp\DEMB640.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3176
      • C:\Users\Admin\AppData\Local\Temp\DEME05.exe
        "C:\Users\Admin\AppData\Local\Temp\DEME05.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2512
        • C:\Users\Admin\AppData\Local\Temp\DEM6433.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM6433.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:3892
          • C:\Users\Admin\AppData\Local\Temp\DEMBAEE.exe
            "C:\Users\Admin\AppData\Local\Temp\DEMBAEE.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:2260
            • C:\Users\Admin\AppData\Local\Temp\DEM113C.exe
              "C:\Users\Admin\AppData\Local\Temp\DEM113C.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:4824
              • C:\Users\Admin\AppData\Local\Temp\DEM675B.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM675B.exe"
                7⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:1308

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM113C.exe
    Filesize

    15KB

    MD5

    f296e879e3145cb64045d3404bda4975

    SHA1

    e03fd4297c433cbc6b6c014e91cd3130616362c3

    SHA256

    e30d1111c4aa811c7cd2fffc4fb8f5292db2b8b84ed7e9aeb9b950f04cfff0df

    SHA512

    8b2b021e3145e39507c509cb8ed57847a8b1c6acfa7e50776549236c78f1ad20367fb53a660114f50a3373e65027654eddbce18894dc4d4ae019017518623edb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM6433.exe
    Filesize

    15KB

    MD5

    82c3f5f401132c1d3f7a11836beff6c6

    SHA1

    7ce5afaf87ead9568d29e6a6e38982404540ca15

    SHA256

    94498af0ab1d6ee2a155ab70d39f7bacc00845e4d89fd6fa4ce377b43781883a

    SHA512

    4de54327e6ccecec8ae1083d13caca93f47421ad924d75dd7bfd038bc72561a6e60c2423226b6f61299bca4c0369e3d3180973ffe3e98977e43c9515f0d57909

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM675B.exe
    Filesize

    15KB

    MD5

    33dcd74824fa44fcfb070d2c54a473d7

    SHA1

    eef974c32dfd410b20e83ec469d9329769e2ac7a

    SHA256

    4dadffcf59a22817a6a47f0ea00b17590edb01a70642744cd9f78716108c6a6b

    SHA512

    4c86c7bf445fc38599c364dcf395c78872fa0acb5e6ffbb1d09706e6ec76346f7389345f6784201e759672c4d0e8f865f5acff3ec15be490c9a46bb355b5c4b5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMB640.exe
    Filesize

    15KB

    MD5

    ec417bdd94ca997b40b9937c3c1bbbf3

    SHA1

    6bb5e354f73787e03e4921d60ca06e57245c273a

    SHA256

    e7383189bcde5d3b68c4d3e1b166a3e95733fcef66c712428f98271e552ec93a

    SHA512

    4eecf9df6be7558d9d5aad5ac1535f340d6f4d862c24e61564b120269826c88d363a6c6fe328f93c49146410dd0a9437c50490a66398e4d58df3169ebdd13499

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEMBAEE.exe
    Filesize

    15KB

    MD5

    221cbf958135fd9f3e2d5b2c16504ad3

    SHA1

    ee211059c92dc0e7e2b452007c7f8b7f14ecf7ba

    SHA256

    a3f8a83ac7d6b1e10b67cb103156fe76cdb74f9275aedcbe49791ef98b5662a0

    SHA512

    de0574a397deb62031cfb45f19d901bc3a86b84deea9306488706d0ebbfd817fb49e45461a894e4dd58ac2b1fff872e708230c4362fda997883502b31a675373

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEME05.exe
    Filesize

    15KB

    MD5

    97caa930b159e0c85b4736cc67150b16

    SHA1

    8d900c009cbdebcdd9cc10e5280a1c234a1b44cb

    SHA256

    e8ec3b5b4ba2cf85391fd683d4a041a4a713e779861df44f4a150a156d74756c

    SHA512

    d77573d36e9f1e0e4f8feaa432c06b3ed541b9c35868195248f736978597023b1c1e6dbfc9f273621591301c1ff286c10f24496c68ce440344f3d8a8affdde3b

    Download Submit