Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

054e5db55e...0N.exe

windows7-x64

7

054e5db55e...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    12/09/2024, 07:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    054e5db55ebec731478297e3265bed60N.exe

  • Size

    61KB

  • MD5

    054e5db55ebec731478297e3265bed60

  • SHA1

    cce47bf636d89e55d9e86ebab046cd16b7be9661

  • SHA256

    9247155122af2837cc74093308d82e28f4ca72668ee1af2263416940e5f01fd8

  • SHA512

    ea7cac5637b4b48c3ba7ca115405f98c3a87a9ebdf62820df146ad5c21e0f6f07a6a63312a4dd60f27e186b212909b817abb3679ee2fbde8426e4e7993349544

  • SSDEEP

    384:PsjPGY2HXgrk8YhQ98E8I1XAV/QcaYpATUgch1A9NB/erxlR5XTFiNJ:PePG5H8+hKD8ISZQjkgs1lxlRn8

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\054e5db55ebec731478297e3265bed60N.exe
    "C:\Users\Admin\AppData\Local\Temp\054e5db55ebec731478297e3265bed60N.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1744
    • C:\Users\Admin\AppData\Local\Temp\winupdate.exe
      "C:\Users\Admin\AppData\Local\Temp\winupdate.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Modifies system certificate store
      PID:2420

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\winupdate.exe
    Filesize

    61KB

    MD5

    c5297f8009e4ad557d2d23590fb1584d

    SHA1

    d0519ed8a6f4ed4952bcd1f1d59d47af6c5c0b13

    SHA256

    00c5114ff3cfc10364ce1c060dfdc21d4de062644f8562417761f64f60221f29

    SHA512

    b3f7e8b873c41e99e8ba4a773ff2e3f2d1c50c6fec477e83021a5f46b97db3d2fc5bac6040b4062d136b0cc2ea729303b74ea3097df6f9ffa544f0f4928da9a3

    Download Submit

  • memory/1744-0-0x0000000000500000-0x0000000000512000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1744-2-0x0000000000501000-0x0000000000502000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1744-8-0x0000000000500000-0x0000000000512000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2420-9-0x0000000000500000-0x0000000000512000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2420-11-0x0000000000500000-0x0000000000512000-memory.dmp

    Filesize

    72KB

    Download