Analysis

  • max time kernel
    119s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/10/2024, 11:34

General

  • Target

    fe9b4ff710fb1fba38766d067d87c7b652d003c5d3371e9d37d60e591ccab86bN.exe

  • Size

    30KB

  • MD5

    48b42045cfa251cbf51d4a15f77ad3f0

  • SHA1

    c134490623201c280301882f3e8fb747a0716269

  • SHA256

    fe9b4ff710fb1fba38766d067d87c7b652d003c5d3371e9d37d60e591ccab86b

  • SHA512

    28a7221e6077a52d45364d22678d5fd66712f5efa44aa6dc8bf529abcbe053a4ad841b9e55f82d9af89634517d4bc58326fcf9de87cd7c135beb99ba4e68e269

  • SSDEEP

    384:v/4LNJY74JwOllSBQmrb0i5PrmqHIKpa54b5f0iws0wGXeAcSn:v/qSamrxDmqoKM4Z0iwtwAKSn

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fe9b4ff710fb1fba38766d067d87c7b652d003c5d3371e9d37d60e591ccab86bN.exe
    "C:\Users\Admin\AppData\Local\Temp\fe9b4ff710fb1fba38766d067d87c7b652d003c5d3371e9d37d60e591ccab86bN.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2092
    • C:\Users\Admin\AppData\Local\Temp\2024101311.exe
      C:\Users\Admin\AppData\Local\Temp\2024101311.exe down
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:1984
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\del.bat
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:1960

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\2024101311.exe

    Filesize

    30KB

    MD5

    606ca90ba738e24aa324cd4c2d3e9204

    SHA1

    1b93eeb62b324d524eb1eb5fd80595b858b90093

    SHA256

    c9d426fc83e71318f9eceb4c93e4bad41c8b1c5b92726bbf8fa10a3583b353d3

    SHA512

    fe568c38c57acf7f8f742099eb4f1e67e4c3caad2cd6cad3c5ad4332ed6d46e0950a3ffbc525a144abe432a6e462b18fdb7ba6c9b451b829e2968bc5cfc2d028

  • C:\Users\Admin\AppData\Local\Temp\del.bat

    Filesize

    270B

    MD5

    54aed559f06560e28f00e63635d5b9bb

    SHA1

    9e53d7b49af650185a399d0d9660f1c9cc7683b7

    SHA256

    ab08bc774d1193d52e9db19f2f51d5c642796b62ef7075bcd9c6ce80bbba7371

    SHA512

    bf495b38e44256d6cd7990add37094d9b4379d5af6a81255755433bd64cfc3e3b94fad42d55b491263c00979132647a35801fe590163fd027d9e3b7b7a5dcd87

  • memory/1984-24-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB