Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

911a8c5908...0N.exe

windows7-x64

7

911a8c5908...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/09/2024, 05:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    911a8c5908c24be350337f2cb23cb7b0N.exe

  • Size

    53KB

  • MD5

    911a8c5908c24be350337f2cb23cb7b0

  • SHA1

    6790ce1a87c05dea8f0690dfc62b1bd96335e599

  • SHA256

    1c284c41ac1718876ade0ca63811425f081ea8ff3d78da2c5068fb358f170a21

  • SHA512

    d1f5ba97d87c0edb3ba89e19350a6522be748b842e5d74dad69eaa16a7a96ef52a96e48800963bfe7fc24a8f8369127d0fc5a3ece62396e4c48418a0ab4bb12c

  • SSDEEP

    768:RzG9lCapIyMsDlfjQelqYreP23SUx94NMyKZNu:g9lDpI4zFSUFXZNu

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\911a8c5908c24be350337f2cb23cb7b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\911a8c5908c24be350337f2cb23cb7b0N.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1664
    • C:\Users\Admin\AppData\Local\Temp\hots.exe
      "C:\Users\Admin\AppData\Local\Temp\hots.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:972

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hots.exe
    Filesize

    53KB

    MD5

    64d50a9f0571d3fb320cf1f6fbae9d5d

    SHA1

    bfe6b66ae80014d59d25d042d69150fa3de41da8

    SHA256

    eefb330ad856ff6772dda6c4438eb6b902a06aca6cc73ba64cabbf4a1bfffd79

    SHA512

    f2f3f499979d07269348c778e8ad40f54cc65ffd1657da7e8ab7007b43d01e9b8d77596c48d4e8dc07303f33350014d2822cb3251529f080b6679b4c7cd904ec

    Download Submit

  • memory/972-24-0x0000000000700000-0x0000000000706000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1664-0-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1664-1-0x0000000002360000-0x0000000002366000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1664-2-0x0000000002360000-0x0000000002366000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1664-3-0x0000000000400000-0x0000000000405000-memory.dmp

    Filesize

    20KB

    Download