Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    14/09/2024, 10:21

General

  • Target

    汇博计件工资(2005-03-16-16-02)/Desktop/HYPER_DESKTOP.exe

  • Size

    1.3MB

  • MD5

    7244024d83175540edfe17f2655ef33f

  • SHA1

    23bcfdd36a5f76ad5a9ed3b58ddb914b7ac1a971

  • SHA256

    062155b0a4c0c591ab61560bd6f21dbf234f936f1a1c11809d9b8471f7f3cac3

  • SHA512

    de86c056b1fc0dd9ba27e9614b50cef852b85b72ceefa192bdaf66eeaff97a14db95244c436c944b9e45eeaf0b671295de298d04d047460da12f2aa41362959f

  • SSDEEP

    24576:XoQXjhU23TAGB8EapKNiod4nxlAGcZKoFYuk3EPp6Bk3HxL:Xowe2BBZaENgxlggoFYuk0R6B4R

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\汇博计件工资(2005-03-16-16-02)\Desktop\HYPER_DESKTOP.exe
    "C:\Users\Admin\AppData\Local\Temp\汇博计件工资(2005-03-16-16-02)\Desktop\HYPER_DESKTOP.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2112
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
      PID:3008

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2112-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

  • memory/2112-1-0x0000000000400000-0x000000000089D000-memory.dmp

    Filesize

    4.6MB