Windows 7 deprecation notice: Windows 7 will be removed from tria.ge on 2025-03-31.
Analysis
max time kernel: 118s
max time network: 121s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 14/10/2024, 14:19
Static task: static1
Behavioral task: behavioral1
  Sample: 0bb80cc74b3a83f07464abd4ec32f1dba7c049eec3d68de70a09cc6fa160e813.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 0bb80cc74b3a83f07464abd4ec32f1dba7c049eec3d68de70a09cc6fa160e813.exe
  Resource: win10v2004-20241007-en
General
Target: 0bb80cc74b3a83f07464abd4ec32f1dba7c049eec3d68de70a09cc6fa160e813.exe
Size: 10.3MB
MD5: a9eca8f320a5b18b756e051cb1ca9cf9
SHA1: f39d98f346704f77251ff9aaad582cd8a5bca2b0
SHA256: 0bb80cc74b3a83f07464abd4ec32f1dba7c049eec3d68de70a09cc6fa160e813
SHA512: 355725aff358fbedfcfa32218c1931632e5b6b3c7098e94b15c46f6744f2537b0d1aa9e1052242b0332ff2b456703ff64e2e67aa0ea38e927269692c96b888bc
SSDEEP: 196608:dXHSVf+6b9oDdh0qTRxa8z1sULDSe9a+5crvT9YqS4lU4I4:dXHuf+6poDjBTRxa8psYSUa+arvSP0z
Malware Config
Signatures
- Downloads MZ/PE file
- Loads dropped DLL (2 IoCs)
  pid 1792, process 0bb80cc74b3a83f07464abd4ec32f1dba7c049eec3d68de70a09cc6fa160e813.exe
  pid 1792, process 0bb80cc74b3a83f07464abd4ec32f1dba7c049eec3d68de70a09cc6fa160e813.exe
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempts to gather information about the system language of the victim host in order to infer its geographical location.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  process: 0bb80cc74b3a83f07464abd4ec32f1dba7c049eec3d68de70a09cc6fa160e813.exe
- Suspicious use of SetWindowsHookEx (1 IoC)
  pid 1792, process 0bb80cc74b3a83f07464abd4ec32f1dba7c049eec3d68de70a09cc6fa160e813.exe
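The three behavioural signatures above can be reproduced from a raw event stream. The following is an added example, not code from the report or from Triage: it replays a constructed list of sandbox-style events of the form (pid, image, operation, target) and raises the same signature names for PID 1792. The PID, image name and the NLS\Language registry key are taken from the report; the event tuple format, the DLL file names, the explorer.exe control events and the SetWindowsHookExW call are assumptions made for the demonstration.

```python
"""Replay constructed sandbox events and raise the report's signatures.

Added example, not part of the Triage report. Only the PID, image name and
the NLS\\Language key come from the report; everything else is assumed.
"""
import re
from collections import defaultdict

SAMPLE = "0bb80cc74b3a83f07464abd4ec32f1dba7c049eec3d68de70a09cc6fa160e813.exe"

# Registry values read for System Language Discovery (ATT&CK T1614.001).
# The first key is the one the report records; CurrentControlSet is the
# symbolic link to the active control set and is included as an assumption.
LANGUAGE_KEYS = {
    r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language",
    r"\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Control\NLS\Language",
}

# A "dropped" DLL is modelled as an image loaded from the user's Temp
# directory, the directory the sample itself ran from. Assumption.
DROPPED_DLL_RE = re.compile(
    r"^C:\\Users\\[^\\]+\\AppData\\Local\\Temp\\.+\.dll$", re.I
)

# Constructed events: two Temp-directory DLL loads, one system DLL load, the
# language key open, one hook call, plus benign explorer.exe activity.
EVENTS = [
    (1792, SAMPLE, "LoadImage", r"C:\Users\Admin\AppData\Local\Temp\libA.dll"),
    (1792, SAMPLE, "LoadImage", r"C:\Users\Admin\AppData\Local\Temp\libB.dll"),
    (1792, SAMPLE, "LoadImage", r"C:\Windows\System32\kernel32.dll"),
    (1792, SAMPLE, "RegOpenKey",
     r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"),
    (1792, SAMPLE, "ApiCall", "SetWindowsHookExW"),
    (4012, "explorer.exe", "RegOpenKey",
     r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager"),
    (4012, "explorer.exe", "LoadImage", r"C:\Windows\System32\shell32.dll"),
]


def classify(events):
    """Return {pid: {signature_name: [iocs]}} for every pid that fired a signature."""
    hits = defaultdict(lambda: defaultdict(list))
    for pid, _image, op, target in events:
        if op == "RegOpenKey" and target in LANGUAGE_KEYS:
            hits[pid]["System Location Discovery: System Language Discovery"].append(target)
        elif op == "LoadImage" and DROPPED_DLL_RE.match(target):
            hits[pid]["Loads dropped DLL"].append(target)
        elif op == "ApiCall" and target.startswith("SetWindowsHookEx"):
            hits[pid]["Suspicious use of SetWindowsHookEx"].append(target)
    return {pid: dict(sigs) for pid, sigs in hits.items()}


def summarize(events):
    """One line per (pid, signature) with its IoC count, in the report's style."""
    lines = []
    for pid, sigs in sorted(classify(events).items()):
        image = next(img for p, img, _, _ in events if p == pid)
        for name, iocs in sorted(sigs.items()):
            lines.append(f"{pid} {image}: {name} ({len(iocs)} IoCs)")
    return lines


if __name__ == "__main__":
    for line in summarize(EVENTS):
        print(line)
```

The explorer.exe events are there to show that a registry open under the same ControlSet hive, or a DLL load from System32, does not trigger anything; only the language key and the Temp-directory loads do. On a real host the same logic maps onto Sysmon Event ID 7 (image load) and Event ID 12/13 (registry) records; the hook-call event has no Sysmon equivalent and is only visible from an API-hooking sandbox, which is why it is modelled as a separate "ApiCall" operation here.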
Processes
C:\Users\Admin\AppData\Local\Temp\0bb80cc74b3a83f07464abd4ec32f1dba7c049eec3d68de70a09cc6fa160e813.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\0bb80cc74b3a83f07464abd4ec32f1dba7c049eec3d68de70a09cc6fa160e813.exe"
  PID: 1792
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 7KB
  MD5: 75149956753639a4a3c89a9f83663a3d
  SHA1: 1ca8848dab221dbbe6a539baabc04ad15d00e6ae
  SHA256: 0cbcfecd9bcf4b71501499423057c1cbfd087739f0438a0e42cbc62d9e53d81d
  SHA512: 02816f2ee1c04253364effaeefb48190b8d20aca2ad5665454993839b23466acdc84655552d327a9a1391bd0f83d4c2ee7399209feb2dabf8351f73deda59272
- Filesize: 2KB
  MD5: 23fc71bbc178e67020d06828d3c55de5
  SHA1: 39469be8205419fba7e666ca0e397735cafd7692
  SHA256: 6f86235705b28ce2f38b2cc45f4b9d227493528b6824b07e266bc48325a98d5f
  SHA512: e1ad3dbe8ea3a681c1950757f68dd7732b9506828ae695dfb80c0942aab2806add2e6e8564720470e3e1bbee3777d928d31c53e8b8b6b294bd8a37173f284873
- Filesize: 38B
  MD5: 7268ff330cd8f8aa8f48286d002c725c
  SHA1: 03fedff8068793b48dbfb237f5c648433717261b
  SHA256: 303939f88875be36108756e98353b94c53a7810868dd59018214ef184161ecab
  SHA512: 57cf960c0db564d7c0bb0ba9190c336d999c5ad9789ece31d25b8417a63838b902c41cbcf79043f66cc504b1f2fc2c3fbffd69957724f397f8550b7be276b2e7