Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

452947df0a...dN.exe

windows7-x64

7

452947df0a...dN.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    90s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    28/09/2024, 09:45 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    452947df0a41613610f2e3f5e3e4df8f37203fcceeba044e3ea51821dce1b6adN.exe

  • Size

    37KB

  • MD5

    1e29bad4a375bc77369d87a9f2133780

  • SHA1

    580a8c0864f875f979b227d205d030ee4c5987bd

  • SHA256

    452947df0a41613610f2e3f5e3e4df8f37203fcceeba044e3ea51821dce1b6ad

  • SHA512

    db707894788f838b4180ba8df29259a363c814192a4ad5458437b4b6b715d1f676dadade2b79d83cfec1be361e6f25762a99af1642831d34018cbf1f6d421997

  • SSDEEP

    384:MApc8m4e0GvQak4JI341C0abnk6hJPohjLmyGo:MApQr0GvdFJI34qTk6hJPoVim

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\452947df0a41613610f2e3f5e3e4df8f37203fcceeba044e3ea51821dce1b6adN.exe
    "C:\Users\Admin\AppData\Local\Temp\452947df0a41613610f2e3f5e3e4df8f37203fcceeba044e3ea51821dce1b6adN.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2108
    • C:\windows\SysWOW64\sal.exe
      "C:\windows\system32\sal.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2764

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\SysWOW64\sal.exe
    Filesize

    37KB

    MD5

    7f14fd2d9bd112c7d08fafd51ec99d48

    SHA1

    903922abc2f0c9e036b6c9f1076335bad67aa7f2

    SHA256

    60c6373c44725873c768f6d8d26b5603a9f2d3576db175a82d7c50108127d1dd

    SHA512

    cad77276efe0638804f677f79449decd4b0868749eb09dfca2e11d3181d2ddf70af35657a6214a5296c2f9e79e40f40c7a2b69a6b8586eb6e95fa2b4d5829203

    Download Submit

  • memory/2108-0-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2108-9-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2764-12-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.