Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

731ec5dda7...e2.exe

windows7-x64

7

731ec5dda7...e2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    132s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/09/2024, 19:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    731ec5dda7fcfc5bda31e8609ec286049d26fa12cf7707d50197a468590c2ee2.exe

  • Size

    16KB

  • MD5

    de096a0b4d1e4ec6e1264561db544138

  • SHA1

    bcad7bb9591ce4a46cb89b97038754774a84b04a

  • SHA256

    731ec5dda7fcfc5bda31e8609ec286049d26fa12cf7707d50197a468590c2ee2

  • SHA512

    7d480a44b36a5a43fc22022205ac936216b6423e7d2fe4b224461fe544c53f55b2a6ced5746809b66672c8cf1a9ba2a57e679742db838b67137492d15ee1ffd6

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhY44EA1H:hDXWipuE+K3/SSHgxm5Z1H

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\731ec5dda7fcfc5bda31e8609ec286049d26fa12cf7707d50197a468590c2ee2.exe
    "C:\Users\Admin\AppData\Local\Temp\731ec5dda7fcfc5bda31e8609ec286049d26fa12cf7707d50197a468590c2ee2.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3740
    • C:\Users\Admin\AppData\Local\Temp\DEM8C32.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM8C32.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4444
      • C:\Users\Admin\AppData\Local\Temp\DEME2BF.exe
        "C:\Users\Admin\AppData\Local\Temp\DEME2BF.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:868
        • C:\Users\Admin\AppData\Local\Temp\DEM38BE.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM38BE.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2436
          • C:\Users\Admin\AppData\Local\Temp\DEM8EAE.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM8EAE.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:3872
            • C:\Users\Admin\AppData\Local\Temp\DEME50C.exe
              "C:\Users\Admin\AppData\Local\Temp\DEME50C.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:3084
              • C:\Users\Admin\AppData\Local\Temp\DEM3B1B.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM3B1B.exe"
                7⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:848

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM38BE.exe
    Filesize

    16KB

    MD5

    e832ebb8156be72e8c47ab1a6f4d1b7f

    SHA1

    5e181134da260c307c8ad37b701f2e4b58ee8a24

    SHA256

    9917dc3db6a123ae4ce007921d7d3f218d4c8afcdb5a5f09886762dd5a9e46d7

    SHA512

    ff215593eca739b18cfabe86968f9c8d6ea9919e0dd7b96c616748fcc43a9e2f79ddc266d7d5c9f2f4d7b6dd6c73540e88f493f27121ce17a292d5863ffaf844

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM3B1B.exe
    Filesize

    16KB

    MD5

    9803db2cfa37d55ca9c0268f5b6b483b

    SHA1

    a1ba0d503f6358f293cbb649a9f1f7a828ff0ef2

    SHA256

    4267d39fe70884248579d946d5a19b4081862dc5929af71c1de94c1de1255f01

    SHA512

    57d2599dc083a731fe2b761687b936c47ccf17a594730095476dd8387059998d9fda4f78f196088e84e83945ad558e2dc02e2d415c7bfa5f00e0143cdff8cf52

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM8C32.exe
    Filesize

    16KB

    MD5

    c8d71cf802574ae7a04ceabeab9a13e7

    SHA1

    cf2c55af6367b5617bc66ebeba61e6a40a818864

    SHA256

    5105f9f3f2ca9001bca13479de1ef117173da306d344e171f1e4bbef5e7c9573

    SHA512

    90ff6eb7fa945f0a3f64224d372b0e6b03323f4b4c2fb25fb7978d2bf6d5725738f17aef4adbb9edb9b9f48250cc2da7dbb4991e26711c614480f8cdfa53dc4c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM8EAE.exe
    Filesize

    16KB

    MD5

    f4f252b4acafc797cb17eea7c5f3012b

    SHA1

    596abac313fa74363e4f54178a4549aab92b1a0d

    SHA256

    6f440d623981ca4165fc7ebb83b6e38ff07865320e72b7b6dbfcbb76ef9a6219

    SHA512

    b372d0cd650d55967574485c1f901313479404532a6e358f3069f57c24acc049251685aeea31d7de1c2f0aded91de0d3bd8fecca9a1bff91239d855f261b6d13

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEME2BF.exe
    Filesize

    16KB

    MD5

    d48ecaac795e90581db6304605b48564

    SHA1

    535b7ef17fc405993663937f1a08fd6f17011e37

    SHA256

    0e888b021f845515659dafcbc3eb7ccc29bbd7914b45fdb8bf11eb3aba533925

    SHA512

    d74495a55f92db3cbb09a6efbd61f4ee47c541f2d5697e7e06e3b614d120731b51dd8871370b7f370f84da45e47ac0ef7ce2973da82d68b58c1a568f40fa8085

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEME50C.exe
    Filesize

    16KB

    MD5

    3e8c10f6d29ffcb1d65fd1b38204a47a

    SHA1

    e96e718c25ef49b6b70f25cf8ec0fbe260a48f57

    SHA256

    6813fd804662f430c40d25396c037212fe39b8de5d87be0085aad7a8d215ea1a

    SHA512

    be56ce0acc33b52a8dfaff9dfab360571f621ae5301a4715eb345015c34c7e3bb9e61070c51e0d7d9075259fb3db11904931919ff4d98370b14ef695d09dad33

    Download Submit