Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 120s
max time network: 119s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64 arch:x86 image:win7-20240708-en locale:en-us os:windows7-x64 system
submitted: 14/10/2024, 11:40
Static task: static1
Behavioral task: behavioral1
  Sample: 6f3b8d2caf7a9ac3558d9aa5328676f168fb560a760a42dc5427fa72b0f22c2fN.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 6f3b8d2caf7a9ac3558d9aa5328676f168fb560a760a42dc5427fa72b0f22c2fN.exe
  Resource: win10v2004-20241007-en
General
Target: 6f3b8d2caf7a9ac3558d9aa5328676f168fb560a760a42dc5427fa72b0f22c2fN.exe
Size: 43KB
MD5: 51e1873389e6367829f982b413688030
SHA1: 17f8261f549d85cce4330a29fc8a34b4be72d263
SHA256: 6f3b8d2caf7a9ac3558d9aa5328676f168fb560a760a42dc5427fa72b0f22c2f
SHA512: 1b9ae47321f0ae71f0a12b62ed4da453196c612ca7dfa790bf6a7d32ffb02cefcd869986f321009d471add05010d8bdc80a23e8ad717d746458dca1f3b5b6391
SSDEEP: 768:UEEmoQDj/xnMp+yptndwe/PWQtOOtEvwDpjIm8lBth2fmmA1scIQv:ZzFbxmLPWQMOtEvwDpj38ltfmA9
Malware Config
Signatures
Executes dropped EXE (1 IoCs)
  pid   Process
  1704  misid.exe
Loads dropped DLL (1 IoCs)
  pid   Process
  2568  6f3b8d2caf7a9ac3558d9aa5328676f168fb560a760a42dc5427fa72b0f22c2fN.exe
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
System Location Discovery: System Language Discovery (1 TTPs, 2 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description  ioc                                                          Process
  Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  6f3b8d2caf7a9ac3558d9aa5328676f168fb560a760a42dc5427fa72b0f22c2fN.exe
  Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  misid.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process                                                                  procid_target
  PID 2568 wrote to memory of 1704   2568  6f3b8d2caf7a9ac3558d9aa5328676f168fb560a760a42dc5427fa72b0f22c2fN.exe  30
  PID 2568 wrote to memory of 1704   2568  6f3b8d2caf7a9ac3558d9aa5328676f168fb560a760a42dc5427fa72b0f22c2fN.exe  30
  PID 2568 wrote to memory of 1704   2568  6f3b8d2caf7a9ac3558d9aa5328676f168fb560a760a42dc5427fa72b0f22c2fN.exe  30
  PID 2568 wrote to memory of 1704   2568  6f3b8d2caf7a9ac3558d9aa5328676f168fb560a760a42dc5427fa72b0f22c2fN.exe  30
Processes
[1] C:\Users\Admin\AppData\Local\Temp\6f3b8d2caf7a9ac3558d9aa5328676f168fb560a760a42dc5427fa72b0f22c2fN.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\6f3b8d2caf7a9ac3558d9aa5328676f168fb560a760a42dc5427fa72b0f22c2fN.exe"
    PID: 2568
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    [2] C:\Users\Admin\AppData\Local\Temp\misid.exe
        Command line: "C:\Users\Admin\AppData\Local\Temp\misid.exe"
        PID: 1704
        - Executes dropped EXE
        - System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 43KB
MD5: cae3520f98cbc157aa8752626e928e2a
SHA1: b099b5a7f7f400582f061a423923b0e33f79e220
SHA256: a57b6fee0f3f29210d477e6cd4ed9be2a61748e0a4867de19b72400be4343186
SHA512: 196f7ef7fc9cf65056449efa7b23d5f9c30a8dacae72e1014e762b2f66141e72bb63adae3ac6e3bc5f9bf8663bb89b30c71f163d3ef58d5334703ad29d860e8a