Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a210f52061...7N.exe

windows7-x64

7

a210f52061...7N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    27/09/2024, 01:49 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a210f52061bc2c09fa3df555bec283a9e8c11d4533e0bdeee4287abad2481f07N.exe

  • Size

    42KB

  • MD5

    d09a6d68797729f21edb555effc48650

  • SHA1

    2de146ffcd083a8471f8be6fd4f5c98ebea93d9a

  • SHA256

    a210f52061bc2c09fa3df555bec283a9e8c11d4533e0bdeee4287abad2481f07

  • SHA512

    c09281e956492ab129297f361236e8a4b13f597f0795ac883d291d5ecd1defb65e6c8a3e2e49d859b5ed5967647b2b2087f9552e6a3fd1b303c878e41c3e8d5f

  • SSDEEP

    768:DqPJtsA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EfKYfdhNhL:DqMA6C1VqaqhtgVRNToV7TtRu8rM0wYr

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a210f52061bc2c09fa3df555bec283a9e8c11d4533e0bdeee4287abad2481f07N.exe
    "C:\Users\Admin\AppData\Local\Temp\a210f52061bc2c09fa3df555bec283a9e8c11d4533e0bdeee4287abad2481f07N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2000
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2364

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    42KB

    MD5

    e9aef9f9144e50d3d285f9b0d311ac42

    SHA1

    c3c01d2852494f4048103dd5cce816e6edc5deac

    SHA256

    432e0d3b37797369d195edce2ae7131953ce13d38a653c0dd7bcb07536b57a22

    SHA512

    a34c849b1fab863abfab2bf87cb8da370de68cfeb323ab262672997e00ee5343370b2386e88f74cf98448e6a6cbb3479e53853cb02b6ea750e50c25be7c55eb6

    Download Submit

  • memory/2000-0-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2000-7-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2364-8-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2364-10-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.