Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

89273a8239...3N.exe

windows7-x64

7

89273a8239...3N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    03/10/2024, 00:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    89273a8239cf3021b0a54aebca686b679daf1764a4f33e6e4c4e4eaaa3b442a3N.exe

  • Size

    42KB

  • MD5

    8f0d1145fae3226e71cb00bef0dee890

  • SHA1

    085075f00d15916cc5654e882994f742013efc3b

  • SHA256

    89273a8239cf3021b0a54aebca686b679daf1764a4f33e6e4c4e4eaaa3b442a3

  • SHA512

    379a4a5d1e4dcf5c7956b0b2912919909adbae39dd0b8c62da080defbadd74bc3e9bd16cd53ac28ee72dcb4f1db783df7edf71f09a5a0b3d3b3334789367ea88

  • SSDEEP

    768:ePyFZFASe0Ep0EpHZplRpqpd6rqxn4p6vghzwYu7vih9GueIh9j2IoHAjUvJjWHJ:e6q10k0EFjed6rqJ+6vghzwYu7vih9G0

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\89273a8239cf3021b0a54aebca686b679daf1764a4f33e6e4c4e4eaaa3b442a3N.exe
    "C:\Users\Admin\AppData\Local\Temp\89273a8239cf3021b0a54aebca686b679daf1764a4f33e6e4c4e4eaaa3b442a3N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2636
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:2740

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    42KB

    MD5

    b82e9a8e9db461c339a8e0acb108b9d8

    SHA1

    f56158ba10ba419faa2f74d78cfcff1faee20e48

    SHA256

    9ac05fa610e167f5074773ed15634c633eaa259859203eb7ceb1967b351a3d78

    SHA512

    08d14f772485fbf31ee190067b086872408600cf42547fc32796f2848ce5913454eafd8640e1dddbe602693b15fe1ff1df40d0059d25b3f5da135c96536bcb9b

    Download Submit

  • memory/2636-0-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2636-3-0x0000000000220000-0x000000000022E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2740-9-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2740-11-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download