Analysis
- max time kernel: 131s
- max time network: 136s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 05/10/2024, 05:55
Static task: static1
Behavioral task: behavioral1
- Sample: b3a0d9dc3a7ebe0f9a31acea02134e1577c476c282ae67d0d5a5520c8fa4f4fc.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: b3a0d9dc3a7ebe0f9a31acea02134e1577c476c282ae67d0d5a5520c8fa4f4fc.exe
- Resource: win10v2004-20240802-en
General
- Target: b3a0d9dc3a7ebe0f9a31acea02134e1577c476c282ae67d0d5a5520c8fa4f4fc.exe
- Size: 11.0MB
- MD5: ba46dd7c30fd1f01578683dd1fb92253
- SHA1: a8185dadf6221fba2656f1572e621527150eda50
- SHA256: b3a0d9dc3a7ebe0f9a31acea02134e1577c476c282ae67d0d5a5520c8fa4f4fc
- SHA512: fe79785d2635b66e329adf1c760fb5befeec3bbb3065c371181b8b6f313cbd015ab868c35252bdc1f2e80b76e924c66e9b1ec88a7562beb4707b33b39c27c933
- SSDEEP: 196608:pQp60nTosfS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:psnlfRrDjtLKkOa8ps6puAktIz
Malware Config
Signatures
- Downloads MZ/PE file
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: b3a0d9dc3a7ebe0f9a31acea02134e1577c476c282ae67d0d5a5520c8fa4f4fc.exe
- Suspicious use of SetWindowsHookEx (1 IoC)
  pid: 5072
  Process: b3a0d9dc3a7ebe0f9a31acea02134e1577c476c282ae67d0d5a5520c8fa4f4fc.exe
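The two behavioural signatures above can be reproduced offline. The block below is an added example, not tria.ge's signature code: it checks a byte buffer for the DOS "MZ" magic and the "PE\0\0" signature at e_lfanew (the basis of a "Downloads MZ/PE file" verdict; note that a DOS header alone is 64 bytes, so the 38-byte download listed further down cannot be a PE), and it matches registry-open events against the NLS\Language key after normalising the kernel-style \REGISTRY\MACHINE prefix and the ControlSet00N alias the report shows. The PE bytes, the registry event list and the process name "sample.exe" are constructed test input.

```python
"""Offline re-implementation of the two signatures fired in this report.
Added example with constructed input; not the sandbox's own signature code."""
import re
import struct

# ---- Signature 1: "Downloads MZ/PE file" -----------------------------------
DOS_HEADER_LEN = 64          # IMAGE_DOS_HEADER is 64 bytes; e_lfanew sits at 0x3C


def is_mz_pe(data: bytes) -> bool:
    """True if data carries a DOS 'MZ' stub and 'PE\\0\\0' at e_lfanew."""
    if len(data) < DOS_HEADER_LEN or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 4 > len(data):
        return False                      # e_lfanew points past the buffer
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def build_minimal_pe() -> bytes:
    """Constructed test input: a bare DOS header pointing at a PE signature."""
    hdr = bytearray(b"MZ" + b"\x00" * (DOS_HEADER_LEN - 2))
    struct.pack_into("<I", hdr, 0x3C, DOS_HEADER_LEN)   # PE header directly after
    return bytes(hdr) + b"PE\x00\x00" + b"\x00" * 20


# ---- Signature 2: "System Language Discovery" ------------------------------
# The report logs the kernel-style path (\REGISTRY\MACHINE\...ControlSet001...).
# Normalise that and the Win32 spellings so one rule covers all of them.
_PREFIXES = [
    (re.compile(r"^\\REGISTRY\\MACHINE\\", re.I), r"HKLM\\"),
    (re.compile(r"^HKEY_LOCAL_MACHINE\\", re.I), r"HKLM\\"),
]
_CONTROLSET = re.compile(r"\\ControlSet\d{3}\\", re.I)
LANGUAGE_KEY = r"HKLM\SYSTEM\CurrentControlSet\Control\NLS\Language"


def normalize_key(path: str) -> str:
    """Rewrite registry hive prefixes and ControlSet00N to a canonical form."""
    for pat, repl in _PREFIXES:
        path = pat.sub(repl, path)
    return _CONTROLSET.sub(r"\\CurrentControlSet\\", path)


def is_language_discovery(path: str) -> bool:
    return normalize_key(path).lower() == LANGUAGE_KEY.lower()


# Constructed registry-open events in the (process, key) shape of the report table
SAMPLE_EVENTS = [
    ("sample.exe", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"),
    ("sample.exe", r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"),
    ("msedge.exe", r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NLS\Language"),
]


def flag_language_discovery(events):
    """Return the (process, key) pairs that match the System Language Discovery IoC."""
    return [(proc, key) for proc, key in events if is_language_discovery(key)]


if __name__ == "__main__":
    print("minimal PE:", is_mz_pe(build_minimal_pe()))
    print("38-byte blob:", is_mz_pe(b"MZ" + b"\x00" * 36))
    for proc, key in flag_language_discovery(SAMPLE_EVENTS):
        print(f"{proc} opened {key}")
```

The registry matcher is deliberately stricter than a substring search on "NLS\Language": it canonicalises the path first, so a rule written against the CurrentControlSet spelling still fires on the ControlSet001 form the sandbox recorded.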
Processes
- C:\Users\Admin\AppData\Local\Temp\b3a0d9dc3a7ebe0f9a31acea02134e1577c476c282ae67d0d5a5520c8fa4f4fc.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\b3a0d9dc3a7ebe0f9a31acea02134e1577c476c282ae67d0d5a5520c8fa4f4fc.exe"
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID: 5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4356,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=2540 /prefetch:8
  PID: 772
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 1KB
  MD5: 2c0acc22cf3846dbf6b8adfe12fedf35
  SHA1: cdaa9a2b288bde8f40b6117643a3d1e29229c9b5
  SHA256: 72ce2d89ebe7fdfe9a1ba73b0e89eace7a98e07be2e504a7fe583bc4df2c1f04
  SHA512: eae7195acd192f914329fc1deb3916c27b9355a0f55f52a1cd0963cb65afc8e6d061d544b884c9aaa79dda9f8f58829f69e58c2ae9466d63f8ed3294c9486475
- Filesize: 16KB
  MD5: c69778b9f750de1573c06e7fd5ced448
  SHA1: a2c37f08ee41b2870a17b80c6d024695268fa385
  SHA256: 5f89c6381d378caa8bc7613bbe200178bce9d2b4ac4319c38b85efd3dbf31693
  SHA512: a63916b93515a9d7c9aa9fce64a577bc2715aeb79f04c507de788b7709c909e6332c66e6614b937ede7afcc0af4c5146aa9ebe1c3de91e9cb0ed64b87ad9d505
- Filesize: 38B
  MD5: fa8d97914d9ac32e3154e3fb6db86a34
  SHA1: 2310792b41cd8638c91b133a98e9fb0eb3a333d7
  SHA256: 4e89849a65cc858bbd93fbe79d2abeb7b4673212b620efbb993b0dfcdffdd879
  SHA512: 8edb62de8eb5e080f0e82ff75a03caab0e34fbe3fd176d8e1b3ca9a959518eab903ca2aae849f8b5d868642082b802e25ce3616697eaf27f7eb7a24e470234cf