Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

14d5ba4a71...0N.exe

windows7-x64

7

14d5ba4a71...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/09/2024, 00:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    14d5ba4a713d36173778155b916a2020N.exe

  • Size

    41KB

  • MD5

    14d5ba4a713d36173778155b916a2020

  • SHA1

    cb263f2ddef5aabfd987e71301ca0115834c35a0

  • SHA256

    b5420d6b385ba9e9aa7bfb0c8b91ec7be56c620a5f8f8f336ecb361319a7b264

  • SHA512

    ab858a1dfc3aef9d10a843c1694c17e4a9c009a3167fd07808dbdfc4e8a64620337cbeddd0f6b76d3bbcf87ac3fe30475bcd210d14f898f6ece5012f50604c00

  • SSDEEP

    768:ePyFZFASe0Ep0EpHZplRpqpd6rqxn4p6vghzwYu7vih9GueIh9j2IoHAcBHUIFve:e6q10k0EFjed6rqJ+6vghzwYu7vih9GY

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\14d5ba4a713d36173778155b916a2020N.exe
    "C:\Users\Admin\AppData\Local\Temp\14d5ba4a713d36173778155b916a2020N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2320
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      PID:3080

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    41KB

    MD5

    46ba49d6b6b69f61f8d95953ea51b3fb

    SHA1

    ccfffda54d3cd9b7745aa970df28bd28703472f4

    SHA256

    6e851ed80634aa81402e6b2935d04617ccc555f9a8c122d1a9bd0abf429d3a95

    SHA512

    3c3c4fa126fec0b7b63d76c446098bec633f937279061c3b3393f76d9851a7daa560807dc61a0b153a48e8084eb454065aac035f1718b5a3516ec4c47393c0a2

    Download Submit

  • memory/2320-0-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2320-6-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3080-7-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download