Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
09/09/2024, 11:59
General
-
Target
d88384b40665edeedbad3f1bed2a8de0N.exe
-
Size
612KB
-
MD5
d88384b40665edeedbad3f1bed2a8de0
-
SHA1
d46bc5b9e8598033a440569bf48bc6525837e477
-
SHA256
9af29ab586c332282df764999daf6166e3c6676d22ede5afab11294a5ccb3a91
-
SHA512
7cd74eb362adfcc7d209a369c43cca367e7fee62b8f076549806089c33ed50e089c62fb53c02c82ed46db3954b90d87861a741b2ecfc7c42b95cce2eddfcb661
-
SSDEEP
12288:TGtAtScw3qEKBSGtAtScw3qEKBSGtAtScw3qEKB:814511451145
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Modifies system executable filetype association 2 TTPs 2 IoCs
-
UPX packed file 16 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 34 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Program Files directory 4 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 17 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d88384b40665edeedbad3f1bed2a8de0N.exe"C:\Users\Admin\AppData\Local\Temp\d88384b40665edeedbad3f1bed2a8de0N.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\OBQPA.EXE"C:\Program Files (x86)\OBQPA.EXE"2⤵
- Executes dropped EXE
- Modifies system executable filetype association
- Enumerates connected drives
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Change Default File Association
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
612KB
MD544130dc722398e32747b236db036b08f
SHA1588b54094790e7a307f01ee78b474ba7a605c527
SHA256d265d761906fdd6294dbc406f31f5335b66383a73ea6c3f8e0a38981515d43c6
SHA512e86e2768a5b0efea2249430bc009ee0566b253bddff87e40e016dac73d7a91d2ba7712457a34d2d97b0eeda0a009e4357aadf54c1394d051c90f1233db63afb7
-
Filesize
252B
MD5751238394924c278b2399d3ff813fa2b
SHA1212255ae4da4cb33522baea7d67dfaadf0f5344d
SHA2560de9d80eb7f513c8b6be59bd4e85468bbb074d8bab4f46608d476e7b6faf302e
SHA5125b04d2e028ed74dccb6a9e20e364c14e245c64dfd642c3072de298b2cda1cc8e64d5bb937713943b5b416c2e55055cb9dd75951748b79a8f888e8b615a64eb08
-
Filesize
286B
MD5f369cfe4fa440dc27eb0fcf9a9db3b42
SHA14b8a3acf35493c79d662cb9cf6842fd608c91854
SHA2564799afa3275645959d0a0d93aa19e7c1dbdb0cd7655ef36865a64d8ee269da35
SHA512c4db0608eaca941e39367faeb3baa90766953208c985f44a1f0e8389191715439d66e0c3521a50354c7d7aca682882a0e24e790c4a1ac19e85bd277032ae800c
-
Filesize
613KB
MD516f7fa5528fe4a0b58c8ee8da13b5703
SHA1a3b5da80b80855e1b87645efa9262acb81c1f767
SHA256843d39758f3ddb73ea29d22eed16a0c8c147feb96778b181bc96cf9c1be5407c
SHA5120f9630de20e2a1ab68cec6c1576e4b4b58b1f0718850079ddb2faa095b328867f7d007d354881a59cf50b2f928c16e82cb864c31c6e25a66e5da3908d2211d85
-
Filesize
440KB
-
Filesize
4KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
4KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
4KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB