Analysis
max time kernel: 35s
max time network: 121s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 25/09/2024, 14:10
Static task
static1
Behavioral task
behavioral1
Sample
ff6cd674c88bb50c5569cfb719f3413e50a9e4c036152dd2966a3fbe5f9bc5a6.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
ff6cd674c88bb50c5569cfb719f3413e50a9e4c036152dd2966a3fbe5f9bc5a6.exe
Resource
win10v2004-20240802-en
General
-
Target
ff6cd674c88bb50c5569cfb719f3413e50a9e4c036152dd2966a3fbe5f9bc5a6.exe
-
Size
9.6MB
-
MD5
e80369709da8ca5c3ad3c005f700d004
-
SHA1
c41017769043d172e74b60813f799110fc8e8933
-
SHA256
ff6cd674c88bb50c5569cfb719f3413e50a9e4c036152dd2966a3fbe5f9bc5a6
-
SHA512
eaa691c33cf8247bcb362f1bd8f6c5769cb3e2f43eb0ce5b61d75b42679ed366a3c8589cfb7208403ed47772c2211f73acbf3433f361f9eb0caca625a4f10b7a
-
SSDEEP
98304:jUbzNQaG3nynzWQQMIHp7w0rbDdQwNSH6uE2Tp2mqSd18z17wF9vVGyWWyfJpr8B:eaSSJ7PbDdh0HtQba8z1sjzkAilU4I4
Malware Config
Signatures
Loads dropped DLL (2 IoCs)
pid Process
1768 ff6cd674c88bb50c5569cfb719f3413e50a9e4c036152dd2966a3fbe5f9bc5a6.exe
1768 ff6cd674c88bb50c5569cfb719f3413e50a9e4c036152dd2966a3fbe5f9bc5a6.exe
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: ff6cd674c88bb50c5569cfb719f3413e50a9e4c036152dd2966a3fbe5f9bc5a6.exe
Suspicious use of SetWindowsHookEx (1 IoCs)
pid Process
1768 ff6cd674c88bb50c5569cfb719f3413e50a9e4c036152dd2966a3fbe5f9bc5a6.exe
Processes
C:\Users\Admin\AppData\Local\Temp\ff6cd674c88bb50c5569cfb719f3413e50a9e4c036152dd2966a3fbe5f9bc5a6.exe
"C:\Users\Admin\AppData\Local\Temp\ff6cd674c88bb50c5569cfb719f3413e50a9e4c036152dd2966a3fbe5f9bc5a6.exe"
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1768
Network
MITRE ATT&CK Enterprise v15
Downloads