Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

5b8e4397bb...1N.exe

windows7-x64

7

5b8e4397bb...1N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    03/10/2024, 20:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5b8e4397bb3a785f3dcf115515a50ef6324d2bca74baced3e0ae4ef85295eb11N.exe

  • Size

    410KB

  • MD5

    0decb70b94cb40f4a54a05f701f82420

  • SHA1

    cbedb69f4d14e2c90cdc3b1e0d16648384db3a3a

  • SHA256

    5b8e4397bb3a785f3dcf115515a50ef6324d2bca74baced3e0ae4ef85295eb11

  • SHA512

    14faeff2bc0208a2f77ce858ba11f00d7253135f2e4b73c14f8da2c6741273c0a735b5ef39b1b8b0650e9fcf903fad19378736da41d1a409351db8aaffe0a708

  • SSDEEP

    6144:6BxIK3CTW8TMjp41u6nyHwnZTvFC/0qAcWiujK21ZyOQUztIIHHg1kAuZBLtOus:CxIK9V14ImyHYTvFmwTmqztIkHSkZt4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5b8e4397bb3a785f3dcf115515a50ef6324d2bca74baced3e0ae4ef85295eb11N.exe
    "C:\Users\Admin\AppData\Local\Temp\5b8e4397bb3a785f3dcf115515a50ef6324d2bca74baced3e0ae4ef85295eb11N.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2356
    • C:\ProgramData\grxmn.exe
      "C:\ProgramData\grxmn.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:2696

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Documents and Settings .exe
    Filesize

    410KB

    MD5

    91d667633c9c48564dac8263dbbd6d5b

    SHA1

    5ecffbf3d747ca2d9c33106ffd1f7307c1782f06

    SHA256

    a7cf9fb917231bf061df665e845a6cc9cbdddb06ab132ef46911971183ee12cc

    SHA512

    958f61af3a0e6d0e9c0405e672c2309b807289789d5a62f327bb42d311de1c37ef7f25b052148e8b24a209a517df7608cb66616665674b231348ed867533725e

    Download Submit

  • C:\ProgramData\Saaaalamm\Mira.h
    Filesize

    150KB

    MD5

    aef10b9ba25f907727558514f2dfbab0

    SHA1

    d67383ef1b23d4da72339d66de9541c2e1efaf53

    SHA256

    f5e77ddc706f6dffe056dc2f8a88adece36e0e4552bc70a85f36b1e01fe547ad

    SHA512

    5e607a70ca3fa489897f8df0c96570709839364cd8cabd5f76386dfff01ca2986d50c120cf82926dff950c7d7b6ec833ea7558b64ec8f0dfe2e5070abf1da103

    Download Submit

  • \ProgramData\grxmn.exe
    Filesize

    259KB

    MD5

    6bae06dd45e85bee5764debdeecdc596

    SHA1

    81f2a8abe8b3ec469b2396fd41c0f6bdddaa75a6

    SHA256

    643c449f8a0a8d8613cf2ca7c934cc33e0c998f33ce893b572053ecbbaf8307d

    SHA512

    91418ef8072c017485ce27b3d602ed06498033e7a116da600fd923fa85f6c58bd6b3caa4e84818615e6cf2d3d4c5b1c987425455126dd6cf3a59654086000bd7

    Download Submit

  • memory/2356-1-0x0000000000400000-0x000000000047C000-memory.dmp

    Filesize

    496KB

    Download

  • memory/2356-0-0x0000000000400000-0x000000000047C000-memory.dmp

    Filesize

    496KB

    Download

  • memory/2356-14-0x0000000000400000-0x000000000047C000-memory.dmp

    Filesize

    496KB

    Download

  • memory/2696-133-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download