Analysis
- max time kernel: 129s
- max time network: 138s
- platform: windows7_x64
- resource: win7-20240708-en
- resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
- submitted: 18/10/2024, 11:08
Static task: static1
Behavioral task: behavioral1
  Sample: 2b81b4b7f754296cb3a110fcec66e46303af49f7e81ef7f2873121799014b9a9.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 2b81b4b7f754296cb3a110fcec66e46303af49f7e81ef7f2873121799014b9a9.exe
  Resource: win10v2004-20241007-en
General
- Target: 2b81b4b7f754296cb3a110fcec66e46303af49f7e81ef7f2873121799014b9a9.exe
- Size: 10.3MB
- MD5: f22cceeeba54f88ad53fc2b623303b4c
- SHA1: e7fd674a3564c5ff4d5f6bc18006ec4a7986e574
- SHA256: 2b81b4b7f754296cb3a110fcec66e46303af49f7e81ef7f2873121799014b9a9
- SHA512: 2ba056db86aa9bd8b1c3dad5c1a4b7878b983dbf1400bb1651b429c546e532d59b485a4b7036a09877be8ee5cc1767181841a9f7463bcf8af645162361379f50
- SSDEEP: 196608:dXHSVf+6b9oDdh0qTRxa8z1sULDSe9a+5crvT9YqS4lU4I4:dXHuf+6poDjBTRxa8psYSUa+arvSP0z
Malware Config
Signatures
- Downloads MZ/PE file
- Loads dropped DLL (2 IoCs)
  pid 2384, process 2b81b4b7f754296cb3a110fcec66e46303af49f7e81ef7f2873121799014b9a9.exe
  pid 2384, process 2b81b4b7f754296cb3a110fcec66e46303af49f7e81ef7f2873121799014b9a9.exe
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC; MITRE ATT&CK T1614.001)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language, process 2b81b4b7f754296cb3a110fcec66e46303af49f7e81ef7f2873121799014b9a9.exe
- Suspicious use of SetWindowsHookEx (1 IoC)
  pid 2384, process 2b81b4b7f754296cb3a110fcec66e46303af49f7e81ef7f2873121799014b9a9.exe
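The three behavioural signatures above are the kind of rule a sandbox evaluates over its event stream: a DLL load whose path was written to disk earlier in the run, a handle opened on the NLS\Language key (which the sandbox maps to ATT&CK T1614.001), and a call to SetWindowsHookEx. The block below is an added example, not tria.ge's own signature engine, that re-implements those three checks over a constructed event list; the (op, pid, process, detail) tuple shape, the file names and the second DLL path are assumptions made for the demonstration and are not taken from the report.

```python
"""Toy behavioural-signature matcher mirroring the three hits in the report above.
Added example; event format and sample events are constructed, not sandbox output."""
import re
from collections import defaultdict
from typing import Iterable

SAMPLE = "2b81b4b7f754296cb3a110fcec66e46303af49f7e81ef7f2873121799014b9a9.exe"
TEMP = r"C:\Users\Admin\AppData\Local\Temp"

# Constructed events: (op, pid, process, detail). The report only tells us the
# NLS key, the pid and that two dropped DLLs were loaded; the DLL names are invented.
EVENTS = [
    ("file_write",   2384, SAMPLE, TEMP + r"\dropped_a.dll"),
    ("file_write",   2384, SAMPLE, TEMP + r"\dropped_b.dll"),
    ("load_library", 2384, SAMPLE, TEMP + r"\dropped_a.dll"),
    ("load_library", 2384, SAMPLE, r"C:\Windows\System32\kernel32.dll"),  # not dropped
    ("load_library", 2384, SAMPLE, TEMP + r"\dropped_b.dll"),
    ("reg_open",     2384, SAMPLE, r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"),
    ("reg_open",     2384, SAMPLE, r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\CodePage"),  # no hit
    ("api_call",     2384, SAMPLE, "SetWindowsHookEx"),
]

# The report shows ControlSet001; accept any ControlSet00N or the CurrentControlSet link.
NLS_LANGUAGE_KEY = re.compile(
    r"^\\REGISTRY\\MACHINE\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Control\\NLS\\Language$",
    re.IGNORECASE,
)


def run_signatures(events: Iterable[tuple]) -> dict:
    """Return {signature_name: {"attack": technique_or_None, "iocs": [...]}}.

    A DLL counts as "dropped" if any monitored process wrote that path earlier in
    the same run (global set, so a dropper/child pair is still caught)."""
    hits: dict = defaultdict(lambda: {"attack": None, "iocs": []})
    written: set = set()
    for op, pid, proc, detail in events:
        path = detail.lower()
        if op == "file_write":
            written.add(path)
        elif op == "load_library" and path.endswith(".dll") and path in written:
            hits["Loads dropped DLL"]["iocs"].append(f"pid {pid} {proc} loaded {detail}")
        elif op == "reg_open" and NLS_LANGUAGE_KEY.match(detail):
            h = hits["System Location Discovery: System Language Discovery"]
            h["attack"] = "T1614.001"  # ATT&CK: System Language Discovery
            h["iocs"].append(f"Key opened {detail} by {proc}")
        elif op == "api_call" and detail == "SetWindowsHookEx":
            hits["Suspicious use of SetWindowsHookEx"]["iocs"].append(f"pid {pid} {proc}")
    return dict(hits)


if __name__ == "__main__":
    for name, h in run_signatures(EVENTS).items():
        tag = f" [{h['attack']}]" if h["attack"] else ""
        print(f"{name}{tag} ({len(h['iocs'])} IoCs)")
        for ioc in h["iocs"]:
            print("   ", ioc)
```

Run against the constructed events it reproduces the report's counts: two IoCs for the dropped-DLL rule (the System32 load is ignored because nothing in the run wrote it), one for the language key (the CodePage open does not match), one for the hook call.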
Processes
- C:\Users\Admin\AppData\Local\Temp\2b81b4b7f754296cb3a110fcec66e46303af49f7e81ef7f2873121799014b9a9.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2b81b4b7f754296cb3a110fcec66e46303af49f7e81ef7f2873121799014b9a9.exe"
  PID: 2384
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 1KB
  MD5: 813f3de55f6a62a3d9ffb008fc46f7c6
  SHA1: 03e72e3c12f6ce3458d4221581f26b69fc646c02
  SHA256: fed581026c4d3241c70da2e5347a77343691f79e3a6ac8fff7056f91daf96c78
  SHA512: b6123a2ab7c74d14f627719cbfc0a89e3fde765930aef9862a371e94c99e364d2cb99403e92860ce7d209c6589ade46d7dfcbc78454799ad97a1c340171c27c4
- Filesize: 4KB
  MD5: 3b94ce2f321737aae12fc0329619d1ea
  SHA1: d7ffd8195eb0a141887575e5d62e1b41e2f600ec
  SHA256: 5c03de10d00ced0fd0e37698f5b55530cc0bbec436682691631a58441187a6a5
  SHA512: 353c03251cd3c9f6106083eb24819f1a09ecee75f59a33520203f8ccd0269763d173797744fe38d3bc0398b97869d8c01aec97432ce0ecb52dcf048ae850425f
- Filesize: 38B
  MD5: e4913b9f4ac233d0d28e047433b4b8e9
  SHA1: 218f3c1690e956d4d18c0d8073d78ce7da717d08
  SHA256: f85a9a5e85736d421f7b7bb25f1550ceb84eda51b63e1793edc1dd3d6eb3e1f8
  SHA512: fd0bcc575717c93da4a0c842da190b5bcf82ab79b1b5566708460d64206959f6f97149165b980faa827eaca8bab4f779e6d0ac8e7643e10e7500de654089efc5