Analysis
-
max time kernel
118s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system -
submitted
04/09/2024, 17:58
Static task
static1
Behavioral task
behavioral1
Sample
f660d10387f6e31d275a521c214229ec2d85620c62e11b17c25b5be38da5a116.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
f660d10387f6e31d275a521c214229ec2d85620c62e11b17c25b5be38da5a116.exe
Resource
win10v2004-20240802-en
General
-
Target
f660d10387f6e31d275a521c214229ec2d85620c62e11b17c25b5be38da5a116.exe
-
Size
10.5MB
-
MD5
2fb670ce13457a072e0319ea474aa9d4
-
SHA1
c4d566f025eaafb394a583b451575b583ed3426e
-
SHA256
f660d10387f6e31d275a521c214229ec2d85620c62e11b17c25b5be38da5a116
-
SHA512
1b653e60c2ba4205e91749feb155de7630373e7fd5f58c979398330cff2c052e35ace14669b15c618e2102caaaa025e44689b4c77f59f9d8f4e3ee504ff6607e
-
SSDEEP
196608:ONlYgS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4T:ONBRrDjtLKkOa8ps6puAktIzT
Malware Config
Signatures
-
Downloads MZ/PE file
-
Loads dropped DLL 2 IoCs
pid 2596, Process f660d10387f6e31d275a521c214229ec2d85620c62e11b17c25b5be38da5a116.exe
pid 2596, Process f660d10387f6e31d275a521c214229ec2d85620c62e11b17c25b5be38da5a116.exe
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (Process: f660d10387f6e31d275a521c214229ec2d85620c62e11b17c25b5be38da5a116.exe)
-
Suspicious use of SetWindowsHookEx 1 IoCs
pid 2596, Process f660d10387f6e31d275a521c214229ec2d85620c62e11b17c25b5be38da5a116.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\f660d10387f6e31d275a521c214229ec2d85620c62e11b17c25b5be38da5a116.exe
"C:\Users\Admin\AppData\Local\Temp\f660d10387f6e31d275a521c214229ec2d85620c62e11b17c25b5be38da5a116.exe"
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2596
Network
MITRE ATT&CK Enterprise v15
Downloads