Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/09/2024, 21:47 UTC

General

  • Target

    3d23688120194ae76a64381881b517f6e6bbcbe7d207f55d38aa63adc81e1ee0N.exe

  • Size

    51KB

  • MD5

    a4974a907fdb6078e978bc98d6268d50

  • SHA1

    1d57f44c8639b69c0d7ea1e88e5c76950ae3b813

  • SHA256

    3d23688120194ae76a64381881b517f6e6bbcbe7d207f55d38aa63adc81e1ee0

  • SHA512

    b3f06b5ac27b6dfbc9a14622d72db30cf481ba937ae103e496f83f6c42718817e4121094f9c6fe845b522d3fb4f47b3cd2b1610171aed33ee631fe0058b8f742

  • SSDEEP

    768:jxDDnyAiIbhn+oRTaFSxjquEDFAnA1tLRNk2djaYoCMHosOp:jxDDnd1Raqq2uBNdSCM2

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3d23688120194ae76a64381881b517f6e6bbcbe7d207f55d38aa63adc81e1ee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\3d23688120194ae76a64381881b517f6e6bbcbe7d207f55d38aa63adc81e1ee0N.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2560
    • C:\Users\Admin\AppData\Local\Temp\hcbnaf.exe
      "C:\Users\Admin\AppData\Local\Temp\hcbnaf.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2420

Network

  • flag-us DNS thisaintpc.com (hcbnaf.exe)
    Remote address: 8.8.8.8:53
    Request: thisaintpc.com IN A
    Response: No results found
  • 8.8.8.8:53
    thisaintpc.com
    dns
    hcbnaf.exe
    60 B
    133 B
    1
    1

    DNS Request

    thisaintpc.com

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hcbnaf.exe

    Filesize

    52KB

    MD5

    de33ab6b29e70f95e48ef12651b7421e

    SHA1

    000a4f0a384c9fa44eb1c8c3c8967d12fd7811cb

    SHA256

    0a67f7e449559148ed1596acc0b0da153d39c4f86f43f4b5590dfe4e755857d6

    SHA512

    8ebd0a006990bca87c45077893a7b3a3aa04eb8b59b5a79aff1d9bbb229fd4c7fa309597f1afbaa326bb8db90cf4546c1127a83c8947881760ac7988f96e0028

  • memory/2420-8-0x00000000000F0000-0x00000000000F4000-memory.dmp

    Filesize

    16KB

  • memory/2560-1-0x00000000001B0000-0x00000000001B4000-memory.dmp

    Filesize

    16KB
