Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

c98b5da0a0...7N.exe

windows7-x64

7

c98b5da0a0...7N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    110s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/09/2024, 08:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c98b5da0a0489c284db3b6140e5fe508c0018323eaf121f694297d0f0b14bec7N.exe

  • Size

    1.6MB

  • MD5

    2222cc3141cde9c7a0eecad47d82e9d0

  • SHA1

    3e0aa12980f29ea2c148e1beecf90c8a36913bd7

  • SHA256

    c98b5da0a0489c284db3b6140e5fe508c0018323eaf121f694297d0f0b14bec7

  • SHA512

    4cf52576b47255b48d6131a8d885cc306743227ab112d7b80fb9f31478d7c372d3e8288fe3d536ab3aa62c66c4aa83af2e50999d922d8ae30a2477a3dfded584

  • SSDEEP

    24576:gawwKusHwEwS2YGqKRezO6I6h6gEGe/NIsWvMyCShx67:wwREDULNShv2NuMs67

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c98b5da0a0489c284db3b6140e5fe508c0018323eaf121f694297d0f0b14bec7N.exe
    "C:\Users\Admin\AppData\Local\Temp\c98b5da0a0489c284db3b6140e5fe508c0018323eaf121f694297d0f0b14bec7N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1872
    • C:\Users\Admin\AppData\Local\Temp\is-FQFB4.tmp\c98b5da0a0489c284db3b6140e5fe508c0018323eaf121f694297d0f0b14bec7N.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-FQFB4.tmp\c98b5da0a0489c284db3b6140e5fe508c0018323eaf121f694297d0f0b14bec7N.tmp" /SL5="$6021A,865850,776192,C:\Users\Admin\AppData\Local\Temp\c98b5da0a0489c284db3b6140e5fe508c0018323eaf121f694297d0f0b14bec7N.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:976

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-FQFB4.tmp\c98b5da0a0489c284db3b6140e5fe508c0018323eaf121f694297d0f0b14bec7N.tmp
    Filesize

    3.0MB

    MD5

    9849b55d0f079a6f5178e880b066d593

    SHA1

    65c8b250b1c39b783889feba67d3617b819d8086

    SHA256

    82ffee839e9879f0e78a3ac1da4d7f38940536c8ba5fdde2e0f9770aec5a470d

    SHA512

    b303d84dd53795902e2b24340ddbe3282bd3524d5e3b96ac172930e9d8e5d8276ae19545222ed2bdffb5a70875229f0fdf6672922c70027301b58ddcf273e4da

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-TBQQ9.tmp\idp.dll
    Filesize

    232KB

    MD5

    55c310c0319260d798757557ab3bf636

    SHA1

    0892eb7ed31d8bb20a56c6835990749011a2d8de

    SHA256

    54e7e0ad32a22b775131a6288f083ed3286a9a436941377fc20f85dd9ad983ed

    SHA512

    e0082109737097658677d7963cbf28d412dca3fa8f5812c2567e53849336ce45ebae2c0430df74bfe16c0f3eebb46961bc1a10f32ca7947692a900162128ae57

    Download Submit

  • memory/976-7-0x0000000000400000-0x0000000000706000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/976-13-0x0000000000400000-0x0000000000706000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/1872-0-0x0000000000400000-0x00000000004CB000-memory.dmp

    Filesize

    812KB

    Download

  • memory/1872-2-0x0000000000401000-0x00000000004A9000-memory.dmp

    Filesize

    672KB

    Download

  • memory/1872-12-0x0000000000400000-0x00000000004CB000-memory.dmp

    Filesize

    812KB

    Download