Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

fe9b4ff710...bN.exe

windows7-x64

7

fe9b4ff710...bN.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/10/2024, 11:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fe9b4ff710fb1fba38766d067d87c7b652d003c5d3371e9d37d60e591ccab86bN.exe

  • Size

    30KB

  • MD5

    48b42045cfa251cbf51d4a15f77ad3f0

  • SHA1

    c134490623201c280301882f3e8fb747a0716269

  • SHA256

    fe9b4ff710fb1fba38766d067d87c7b652d003c5d3371e9d37d60e591ccab86b

  • SHA512

    28a7221e6077a52d45364d22678d5fd66712f5efa44aa6dc8bf529abcbe053a4ad841b9e55f82d9af89634517d4bc58326fcf9de87cd7c135beb99ba4e68e269

  • SSDEEP

    384:v/4LNJY74JwOllSBQmrb0i5PrmqHIKpa54b5f0iws0wGXeAcSn:v/qSamrxDmqoKM4Z0iwtwAKSn

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fe9b4ff710fb1fba38766d067d87c7b652d003c5d3371e9d37d60e591ccab86bN.exe
    "C:\Users\Admin\AppData\Local\Temp\fe9b4ff710fb1fba38766d067d87c7b652d003c5d3371e9d37d60e591ccab86bN.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1020
    • C:\Users\Admin\AppData\Local\Temp\2024101311.exe
      C:\Users\Admin\AppData\Local\Temp\2024101311.exe down
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:3888
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\del.bat
      2⤵
      • System Location Discovery: System Language Discovery
      PID:748

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\2024101311.exe
    Filesize

    30KB

    MD5

    68aadd4d6fea7efc2eb7ef0f3e5667ad

    SHA1

    5800548288627f4e56075d5eda17a3150d8c08ca

    SHA256

    98ec460becb04a8b9e548960144557936887c6a769c8ce0a21eb12668ac061b1

    SHA512

    7762f98e2e777c06f938cd60dfb19ce8144047126e314cba361d04ee9acff8ec197dee47248ab6b5d17d7e4f6fef0ab0bd94202e22feb49a1e2e24d57da630a9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\del.bat
    Filesize

    270B

    MD5

    54aed559f06560e28f00e63635d5b9bb

    SHA1

    9e53d7b49af650185a399d0d9660f1c9cc7683b7

    SHA256

    ab08bc774d1193d52e9db19f2f51d5c642796b62ef7075bcd9c6ce80bbba7371

    SHA512

    bf495b38e44256d6cd7990add37094d9b4379d5af6a81255755433bd64cfc3e3b94fad42d55b491263c00979132647a35801fe590163fd027d9e3b7b7a5dcd87

    Download Submit

  • memory/3888-14-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download