Analysis

  • max time kernel
    95s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/10/2024, 10:16

General

  • Target

    b78ede01b581fa24b2c423069f3550beef40d441f8f3c0eae5d7880dbf0cc7d2N.exe

  • Size

    6.4MB

  • MD5

    156924e27f163099e490a991c5a54f70

  • SHA1

    53b86ca2559673b41a9a976cc48d2477856c50f0

  • SHA256

    b78ede01b581fa24b2c423069f3550beef40d441f8f3c0eae5d7880dbf0cc7d2

  • SHA512

    fcd93d526514d948af758df62baf03519b8517080dd29e8937387aa0d16bf75516d91924931f15ce681f1aa19f00a76155ab880f167a525285be02e6f16488c9

  • SSDEEP

    98304:emhd1UryeXTnztENJYasV7wQqZUha5jtSyZIUbt:el31wJYas2QbaZtli4

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b78ede01b581fa24b2c423069f3550beef40d441f8f3c0eae5d7880dbf0cc7d2N.exe
    "C:\Users\Admin\AppData\Local\Temp\b78ede01b581fa24b2c423069f3550beef40d441f8f3c0eae5d7880dbf0cc7d2N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1872
    • C:\Users\Admin\AppData\Local\Temp\9E24.tmp
      "C:\Users\Admin\AppData\Local\Temp\9E24.tmp" --splashC:\Users\Admin\AppData\Local\Temp\b78ede01b581fa24b2c423069f3550beef40d441f8f3c0eae5d7880dbf0cc7d2N.exe 415A31A973E12F395C67E45D212E91FB2B6ED43C99A60B2195BB1491065CD8DCDD93B99090819EB66C417B8B6A078E17301F82D5624286EA998A52137EED81F8
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:4560

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\9E24.tmp

    Filesize

    6.4MB

    MD5

    e85201f9ed4d829d4ad537761e54ac28

    SHA1

    6abc7122307043123f8bec8f703de9aa8e8eff4c

    SHA256

    56d35ebbd72f7f36975983f97ca175924b436a429635ecc9762af1fff7ac4656

    SHA512

    fc4f20824127be241e2643630b7ea6a76b373cf3ca95b895d02131fa8dc4149fbcb96e57a4f2435d36ab92f3a19967a9652ba6d1a63e9858fc9a6f2680bd68dd

  • memory/1872-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

  • memory/4560-5-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB