Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64
    arch:x86
    image:win7-20240903-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    12/10/2024, 03:42

General

  • Target

    2024-10-12_4c403dc72a5bf22e60c8c6dbf25773d1_magniber.exe

  • Size

    7.4MB

  • MD5

    4c403dc72a5bf22e60c8c6dbf25773d1

  • SHA1

    5ebe9ebec72ddc5182d4bdd4e0fca21b27cfe271

  • SHA256

    41940e8af334a009d08dcf9c9a467309d28b44e7ad215898d96e613d5fd1f85c

  • SHA512

    82a598304eb026effd953d04ef1fa8171ee82d33bdafc97c0f6739f15ab577fb5a8d4a4e115a6654f4cd0ceef2ca095162cb230ca53d53b56af24f1c3a458684

  • SSDEEP

    98304:/t+ebVLdahr+YTRi0TGgU8oxKFK7JIhXa1PSELk/GEAUfZ82ub8GRprbGJ1y1xWo:Rh6hoeK71aELkaUfdOMeXdVlG5Fp+

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-10-12_4c403dc72a5bf22e60c8c6dbf25773d1_magniber.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-10-12_4c403dc72a5bf22e60c8c6dbf25773d1_magniber.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2128
    • C:\Users\Admin\AppData\Local\Temp\2024-1k0uNFX.exe
      "2024-1k0uNFX.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2308

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\2024-1k0uNFX.exe

    Filesize

    7.4MB

    MD5

    222c5e05e6e2b829b3b6ff56a54248ba

    SHA1

    18ff9c6c72d4807f66d186dc3962b12165766eb7

    SHA256

    a29445c3bf409ff53f1baeba1c3b4eaca9c7163f9d5d6d057fbbdf8f4d5d49ef

    SHA512

    2aec869810cbf8a1d09307f8f755bd58f21a8114d1b5f43a3e845342a12c25b72e824aca7e2173c39be94774a1c9d71c6aba96c72500cc41ead80490057efa63

  • C:\Users\Admin\AppData\Local\Temp\cfg.ini

    Filesize

    18B

    MD5

    d183f7f2ff5b3784750c3abc742d1ef7

    SHA1

    03c198723edf2f392a74c22eb5ac505eb6f008c1

    SHA256

    d3e1970cf41ad4d995454c672a3d2767bca86728872ab25722396c38404eb379

    SHA512

    89af60785b3418765a80dcd656e0f6d889577a84542526a98b7158a8d7b99d6409dd9d6ad37f531ad609523b58420deb3276738bd5db29a2aff6b0bcdbe3b040

  • memory/2128-6-0x0000000000870000-0x0000000000EAE000-memory.dmp

    Filesize

    6.2MB