Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

WhatsApp-win8.exe

windows7-x64

4

WhatsApp-win8.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    05/10/2024, 05:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WhatsApp-win8.exe

  • Size

    2.8MB

  • MD5

    026b5dbcc944eecb53dcb47dcb2d11ec

  • SHA1

    2a5aaa64fa68363a5dbd7473c5b53ad40fe75a2b

  • SHA256

    50b808977b10d6f9069ae8d7690db10e4e3b42a074927170a3d6e9b0a081bec9

  • SHA512

    d112b65dfd4816d433ae6f323af81ecd62f991144891731df284a6f9635b69277e5a5f355a2f805c52e126fcec2fd0bc420acc2b971e118a591fa200a1f003ba

  • SSDEEP

    49152:TV9RnbCvivTLMtogtB5HfzhovA/nGFDll1+KAP7bCCB7VVgLg:x9RnbCa8o85VucQt+u4gLg

Score
4/10
discovery

Malware Config

Signatures

  • Drops file in Program Files directory 34 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WhatsApp-win8.exe
    "C:\Users\Admin\AppData\Local\Temp\WhatsApp-win8.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1032
    • C:\Windows\SysWOW64\mshta.exe
      "C:\Windows\SysWOW64\mshta.exe" "C:\Program Files (x86)\WhatsApp-win8\start.hta"
      2⤵
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      PID:2888

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\WhatsApp-win8\icon.ico
    Filesize

    105KB

    MD5

    c987932e92cc5e1d661858cb6c3ad487

    SHA1

    18a3ff5f316b8380b599e0728c114871f6bedddc

    SHA256

    74fa8ed3bdece00a0af48a6903b726a1208cfe9d14baf70586ea9c9755c3aac8

    SHA512

    a5bf7348db7395ae2f0cc0dea6590a50f1cff5de5b4697516171eaae7b29f6b1f2b071a362006d76a009c05fc7aaada859093976bacf48f6c7d392a899a04858

    Download Submit

  • C:\Program Files (x86)\WhatsApp-win8\img\master-logo.png
    Filesize

    31KB

    MD5

    fcbe684b2c8944506b3b15b3dc460ac2

    SHA1

    a752852e143f811c0693a1763472152014171793

    SHA256

    1ad898de89db555ea34c1eaa0fa5756613012d424da3c8e3e93009f8ce885490

    SHA512

    43bd8bc86b31164dfcf690c9e60455b1ba567cac77110956581cacfe0b76eeb119b24642bc7c38b97a26ca830b75481ada590516f7cab762af174d7040fb5295

    Download Submit

  • C:\Program Files (x86)\WhatsApp-win8\start.hta
    Filesize

    3KB

    MD5

    a8eff9c8ce936bdf74332aeeb5898f63

    SHA1

    7743bb314bb76d573fc916f926cb0f29854c35cc

    SHA256

    cbf684ae3000be4cf287fb16daedb806a0e472572077cc4c11d2a5e7e1aa2ce9

    SHA512

    8f4964623d8cafe64e68c65ed020b6f95e65d6377ef98ff198330a372f217e52c36d3fe3ffb413e33e26159e7e8c832e85f5766058fcc90737c670ff2b22cf05

    Download Submit