Analysis
- max time kernel: 117s
- max time network: 127s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 04/10/2024, 07:08
Static task: static1
Behavioral task: behavioral1
  Sample: 5dd65f4843efe5eab9285c21958a118920a57a5fa993c06e57d4ba88d222ea2c.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 5dd65f4843efe5eab9285c21958a118920a57a5fa993c06e57d4ba88d222ea2c.exe
  Resource: win10v2004-20240802-en
General
- Target: 5dd65f4843efe5eab9285c21958a118920a57a5fa993c06e57d4ba88d222ea2c.exe
- Size: 10.0MB
- MD5: 5ceaf3e253aa3de13933de0e15f82e7d
- SHA1: aca6ec62477b0bf77905d2a45978853ba731f051
- SHA256: 5dd65f4843efe5eab9285c21958a118920a57a5fa993c06e57d4ba88d222ea2c
- SHA512: 74fe7307bf6fcfa339565699bcb5c5a5e5fc95b39749a510f92f2e5b621ddfd5b3d6c1a7ac0187af3f55e379b5df77ff1fd99f2818728d7509a3f7c255be499b
- SSDEEP: 196608:n4NS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:nmRrDjtLKkOa8ps6puAktIz
Malware Config
Signatures
- Downloads MZ/PE file
- Loads dropped DLL (2 IoCs)
  pid 3044  Process 5dd65f4843efe5eab9285c21958a118920a57a5fa993c06e57d4ba88d222ea2c.exe
  pid 3044  Process 5dd65f4843efe5eab9285c21958a118920a57a5fa993c06e57d4ba88d222ea2c.exe
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  Process: 5dd65f4843efe5eab9285c21958a118920a57a5fa993c06e57d4ba88d222ea2c.exe
- Suspicious use of SetWindowsHookEx (1 IoCs)
  pid 3044  Process 5dd65f4843efe5eab9285c21958a118920a57a5fa993c06e57d4ba88d222ea2c.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\5dd65f4843efe5eab9285c21958a118920a57a5fa993c06e57d4ba88d222ea2c.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\5dd65f4843efe5eab9285c21958a118920a57a5fa993c06e57d4ba88d222ea2c.exe"
  PID: 3044
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
- Filesize: 4KB
  MD5: 7bcff2e8edc167cf3aa103a4d40321d4
  SHA1: 292cb5017a33fbe74a8af16c07ba3e782db735e4
  SHA256: 58f2f5f9c678c0ca74c06b557eafa983791c1f2f60121b46a139bc03750cc362
  SHA512: e8fcfff1eb0859ca836a6ea8f19084e2b437750bd0a2c8ecd846e52a722f0305a76a98a7ae3e4838ae15e28147f952344d0f4e510faaaf82dbdd2daadc632be1
- Filesize: 38B
  MD5: 5539f33dfd3eab2782e7d90d6055e547
  SHA1: 65fbd2836bc20a0e21a4a797ab296aee54fcd60a
  SHA256: 8f26a7e1eee2189fc9c67cef083229c7eae9f20870bf3363b792bbfb706df6ec
  SHA512: 85c84d99ee53bbaee8eb451d96ae34040627dcee4d9f601374fa2721c43daedff9c37c0c661708d358d15798f100b97e6f49edc191153ece19ac6a6f0550ebe4