Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

d72e82a9bb...c2.exe

windows7-x64

7

d72e82a9bb...c2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/09/2024, 20:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d72e82a9bbbb97a0dc79a669c2f0e1e0b9ec7d6fb2bb2e71056fdf7e07d223c2.exe

  • Size

    16KB

  • MD5

    9e46230c789b8a09fcac100c09cb3582

  • SHA1

    75665fb2aa80eb940ce9d6f51e23fa9c38e34a38

  • SHA256

    d72e82a9bbbb97a0dc79a669c2f0e1e0b9ec7d6fb2bb2e71056fdf7e07d223c2

  • SHA512

    bbf6232f1981e255e27c40e9b554dd2f4801b89180bd0fed16a53a74546814cc4ae2d0af95ce8cda3d28b9b0121184ecc983eb8f7213c339ba04c66bb96fe667

  • SSDEEP

    384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4YhYETPq:hDXWipuE+K3/SSHgxmOy

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d72e82a9bbbb97a0dc79a669c2f0e1e0b9ec7d6fb2bb2e71056fdf7e07d223c2.exe
    "C:\Users\Admin\AppData\Local\Temp\d72e82a9bbbb97a0dc79a669c2f0e1e0b9ec7d6fb2bb2e71056fdf7e07d223c2.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4276
    • C:\Users\Admin\AppData\Local\Temp\DEM8BC5.exe
      "C:\Users\Admin\AppData\Local\Temp\DEM8BC5.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2616
      • C:\Users\Admin\AppData\Local\Temp\DEME280.exe
        "C:\Users\Admin\AppData\Local\Temp\DEME280.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4088
        • C:\Users\Admin\AppData\Local\Temp\DEM389F.exe
          "C:\Users\Admin\AppData\Local\Temp\DEM389F.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:3016
          • C:\Users\Admin\AppData\Local\Temp\DEM8EAE.exe
            "C:\Users\Admin\AppData\Local\Temp\DEM8EAE.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:3316
            • C:\Users\Admin\AppData\Local\Temp\DEME4CD.exe
              "C:\Users\Admin\AppData\Local\Temp\DEME4CD.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:828
              • C:\Users\Admin\AppData\Local\Temp\DEM3ADC.exe
                "C:\Users\Admin\AppData\Local\Temp\DEM3ADC.exe"
                7⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:4908

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DEM389F.exe
    Filesize

    16KB

    MD5

    36c83d28df67f697f78154760af8985d

    SHA1

    c8027dc29aa24fd50e0274405aa5bee391ea52a0

    SHA256

    3c8d931896b1d0e3478190b1df83354bf3397f5c36a1f9464a906bef47e3de2f

    SHA512

    3481ad8bab49493e9c8e430043b2ecaa3152b8c29fa47bce3d7238574b49f7b8a0d879fc24cb236f34ba4a331ea32ad033f961c4d1729452e45d675211c445d9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM3ADC.exe
    Filesize

    16KB

    MD5

    70465746351b4817737007896bcb7b07

    SHA1

    359dbb58c90b463891f35cd89961d9277c9438bd

    SHA256

    284fe8c7fbfcdf6eee2bb2ab53845bc3b529d8bceac1acbf4a1312dfc2ffcc08

    SHA512

    4a902f0d82e87dafb0880bd341e19da5f1b3a6f5e45f4ead1dae92563123a991927f4d1a043d156ca55280acdebd09fc9c11f461aee6a3632add5347821f3f60

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM8BC5.exe
    Filesize

    16KB

    MD5

    f62adfeabd081cdee2cd75f253c572b4

    SHA1

    7fb306657408f522ad873d378ccd03148f02505e

    SHA256

    919a7335fa58c4e6a1bb0444e9c4d1427ccbb3427be8130e7e2fe9afe1db60d3

    SHA512

    3b1854637a6a079e8639f7ab9524a43d9c5951aeffe7499765de771ae3ecdfe5598df0d89e1be276d5a98239ae1a40527689f2cbd105ead0c949d82b982dbc0e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEM8EAE.exe
    Filesize

    16KB

    MD5

    13a79caa98d8904b4208e782284449b8

    SHA1

    e76c4bed0e4eedd575a1b2d52c9f0c0e35f95482

    SHA256

    d305be573f5826430b7f00def5266a1c264f7f48d8cbd7ca70d20dd99f718063

    SHA512

    25e5ec6319a95dcc03870bca08803b29ec0911623ba358f20ce46d82daf84f6573487a4004b33cb877d859c8266e43032011f0c4888257461c97efd7f33b803c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEME280.exe
    Filesize

    16KB

    MD5

    ff133271c54a40c1e5ecdfeb5f39de86

    SHA1

    12a423ab23f76480b7a84816ef13439927cd00f3

    SHA256

    35b65260549b47a4622db121f0fd676eb37b6a75f1ee98ef9b0d60943b1b2646

    SHA512

    3a0fb2875243394ab2a72e087a2c9462a8f41db95dfc041201dd978a33ba413e5f4a2b4a17b538f7e2351c11d519c6c71d1f0f4da19fb9f70a80fff7d9ad7b2f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DEME4CD.exe
    Filesize

    16KB

    MD5

    c88b5bb1af0b3781bf7309bcec9833eb

    SHA1

    506411728c5ccb8d9a2599e6fbb6c5d53f03b35b

    SHA256

    c08ffdf8a70f2d3f93e889bfe9d37332e04a57ff75ebd312d8e946f7c0af2dbb

    SHA512

    080a87d606ab43c189b56a37e40a28cb038936132259da111533c15e65b2a6d8fdd6fe372ad7f3fe469fe32fa586dcf33bfd5a42941c38126510e230567afad9

    Download Submit