Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21/09/2024, 19:55

General

  • Target

    9kk.exe

  • Size

    381KB

  • MD5

    f5a1956973dce107d4c0b6267ce88870

  • SHA1

    79a19513d7c9cff939f2881c4172a05dbaef735b

  • SHA256

    7b794c5bdb820791f0359da90a9a4f258412b8feef9c6e6a0411f6aead9d3a04

  • SHA512

    f42180c75c0ae8dc083c6fff98a66c0d875fadb400d7945816ea330a54777632a3a7752d3e78b90e45f58ed3d04d6708b1dcea51d82711356e6d14e405a7c579

  • SSDEEP

    6144:1v60lgEVBlU2GTOMzuC/cuVXRCEPZG03ZrkZdlBF4P+/G1GB64iL7yMsEO:1vBLblUlH5LXPZd3Z4ZdlBWPsQGB64iQ

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9kk.exe
    "C:\Users\Admin\AppData\Local\Temp\9kk.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2648
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      2⤵
        PID:2900
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2712
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 252
          3⤵
          • Program crash
          PID:2592

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2648-0-0x0000000073F1E000-0x0000000073F1F000-memory.dmp

      Filesize

      4KB

    • memory/2648-1-0x0000000000D20000-0x0000000000D80000-memory.dmp

      Filesize

      384KB

    • memory/2648-2-0x0000000073F10000-0x00000000745FE000-memory.dmp

      Filesize

      6.9MB

    • memory/2648-5-0x0000000073F10000-0x00000000745FE000-memory.dmp

      Filesize

      6.9MB

    • memory/2648-20-0x0000000073F10000-0x00000000745FE000-memory.dmp

      Filesize

      6.9MB

    • memory/2712-17-0x0000000000400000-0x0000000000464000-memory.dmp

      Filesize

      400KB

    • memory/2712-11-0x0000000000400000-0x0000000000464000-memory.dmp

      Filesize

      400KB

    • memory/2712-19-0x0000000000400000-0x0000000000464000-memory.dmp

      Filesize

      400KB

    • memory/2712-10-0x0000000000400000-0x0000000000464000-memory.dmp

      Filesize

      400KB

    • memory/2712-9-0x0000000000400000-0x0000000000464000-memory.dmp

      Filesize

      400KB

    • memory/2712-8-0x0000000000400000-0x0000000000464000-memory.dmp

      Filesize

      400KB

    • memory/2712-6-0x0000000000400000-0x0000000000464000-memory.dmp

      Filesize

      400KB

    • memory/2712-12-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

      Filesize

      4KB

    • memory/2712-14-0x0000000000400000-0x0000000000464000-memory.dmp

      Filesize

      400KB