
Analysis

  • max time kernel
    114s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/09/2024, 06:26

General

  • Target

    37d8cbbdd158501c65c5a0b863fcb0693db9cd8edf746a60905bb89e0d8dbb7cN.exe

  • Size

    4.2MB

  • MD5

    7838d252ba4b3d75f9b202f325cdb830

  • SHA1

    de7022425617f80cfa0fd9922dfab3a9cfb17735

  • SHA256

    37d8cbbdd158501c65c5a0b863fcb0693db9cd8edf746a60905bb89e0d8dbb7c

  • SHA512

    aedcdd7327155d25799b42f29bca9632f186470dc5e51d3893b80770656078808d364060b6f091bbfba6b05709b3cf25c3a221278051799403fee95423a97f2b

  • SSDEEP

    98304:Cmhd1UryeqmSVrXfBVVLUjH5oxFbxhVLUjH5oxFbx:ClKRVTXVUjZEdhVUjZEd

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\37d8cbbdd158501c65c5a0b863fcb0693db9cd8edf746a60905bb89e0d8dbb7cN.exe
    "C:\Users\Admin\AppData\Local\Temp\37d8cbbdd158501c65c5a0b863fcb0693db9cd8edf746a60905bb89e0d8dbb7cN.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2760
    • C:\Users\Admin\AppData\Local\Temp\5D1F.tmp
      "C:\Users\Admin\AppData\Local\Temp\5D1F.tmp" --splashC:\Users\Admin\AppData\Local\Temp\37d8cbbdd158501c65c5a0b863fcb0693db9cd8edf746a60905bb89e0d8dbb7cN.exe 50B6D1034C17146FD1C42A130AB56DD0959494DFC14462D47B93283F81BAD2CDE3880D6DD9AD7F7993C93A1BD369697DE2A8CBD6C7476ADFF4F93FDBA9FDCA13
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:4664
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4332,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=4328 /prefetch:8
    1⤵
    PID:2252

    Network

    MITRE ATT&CK Enterprise v15


    Downloads

    • C:\Users\Admin\AppData\Local\Temp\5D1F.tmp

      Filesize

      4.2MB

      MD5

      0304f9d9381b8def027e0ed4bbb83a73

      SHA1

      fc4f1e257df8379260caa77b7efb6ad68c6c145d

      SHA256

      62831b122854e59dec90b821a4bf209470db6d4c31fe0f9eba2e10c24fe42fb8

      SHA512

      a665d943720fbc93338caca9e0ccfb0f9878773863b8bd33585a82ab824f2245e50646e652b55c928fa56cbbe63b806135071289a86ad35af51309fbc3a29fe2

    • memory/2760-0-0x0000000000400000-0x0000000000849000-memory.dmp

      Filesize

      4.3MB

    • memory/4664-5-0x0000000000400000-0x0000000000849000-memory.dmp

      Filesize

      4.3MB