Analysis
- max time kernel: 93s
- max time network: 105s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14/09/2024, 12:53
Static task: static1
Behavioral task: behavioral1
- Sample: cd8b9149a6bb640960387fc4b42afd328c3bf0692c539c02d3a69b3d5c0dce70.exe
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: cd8b9149a6bb640960387fc4b42afd328c3bf0692c539c02d3a69b3d5c0dce70.exe
- Resource: win10v2004-20240802-en
General
- Target: cd8b9149a6bb640960387fc4b42afd328c3bf0692c539c02d3a69b3d5c0dce70.exe
- Size: 6.7MB
- MD5: 3eff9413e92eef737885f4f704b2bec5
- SHA1: c76044b3e03b99ef931ae537727efddddf6f9368
- SHA256: cd8b9149a6bb640960387fc4b42afd328c3bf0692c539c02d3a69b3d5c0dce70
- SHA512: 3aafd8ea1c401a90f931fc1862482fd93b317fec20152a2612f7b12c4edcde074340cfc886aac7d04b742f35ff04b53a58a93e62f6b1b9984524d49c0e1b5577
- SSDEEP: 196608:CXDDlNfn5ALQVGeWIzVvGumvCudL6OC9o1mI5:Ghn5kGheuWCCf5
Malware Config
Signatures
- Loads dropped DLL (1 IoC)
  pid 1540, process cd8b9149a6bb640960387fc4b42afd328c3bf0692c539c02d3a69b3d5c0dce70.exe
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language, by process cd8b9149a6bb640960387fc4b42afd328c3bf0692c539c02d3a69b3d5c0dce70.exe
- Suspicious behavior: LoadsDriver (1 IoC)
  pid 656, process not found
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid 1540, process cd8b9149a6bb640960387fc4b42afd328c3bf0692c539c02d3a69b3d5c0dce70.exe (two occurrences)
Processes
- C:\Users\Admin\AppData\Local\Temp\cd8b9149a6bb640960387fc4b42afd328c3bf0692c539c02d3a69b3d5c0dce70.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\cd8b9149a6bb640960387fc4b42afd328c3bf0692c539c02d3a69b3d5c0dce70.exe"
  PID: 1540
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 2.4MB
  MD5: 13f2e7749a11b795dd5db7b728406c75
  SHA1: bdd392df6c7007ef5fe93fd0eeb7057f48ed8d13
  SHA256: 5b8b4ec5622aabed629e8e9eb2dff9368bb4a6465d00d8bbf1ecb195688782e4
  SHA512: 632766da9492b4678a258bd66de637e62da057199a80007626ae31d0734f0ab98f5c11ff43fc129d8ad6a01b9124377740a3fcfe9c641da7baf0616bc550ff29