Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

3B4EE472D9...BA.exe

windows7-x64

10

3B4EE472D9...BA.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    25/10/2024, 20:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3B4EE472D9C872BA1D96B7A676E809BA.exe

  • Size

    553KB

  • MD5

    3b4ee472d9c872ba1d96b7a676e809ba

  • SHA1

    33186a216fe8a37a993f42477b8f813a56ba5f09

  • SHA256

    a317bcadef76feec57223d92244a322eb4409990808a7bab96cc929fbc4a7164

  • SHA512

    22d93c0656d9ebb8f0e33497e2d02ecf8a9f160fff07620f0dfbd022b8449b99ae3d5dccb3d2f65f555d99415489bfcc4856eba3d87c2158c68c3922216e4985

  • SSDEEP

    12288:iLV6BtpmkjDwb1bL/mZyysVSX/GFFcEvz20Q3CE+A2whXXAo2RB:AApfy16yDSOzFvz20A7lXqB

Score
10/10
nanocorediscoveryevasionkeyloggerpersistencespywarestealertrojan

Malware Config

Signatures

  • NanoCore

    NanoCore is a remote access tool (RAT) with a variety of capabilities.

    keyloggertrojanstealerspywarenanocore
  • Nanocore family
    nanocore
  • Unexpected DNS network traffic destination 8 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Drops file in Program Files directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3B4EE472D9C872BA1D96B7A676E809BA.exe
    "C:\Users\Admin\AppData\Local\Temp\3B4EE472D9C872BA1D96B7A676E809BA.exe"
    1⤵
    • Adds Run key to start application
    • Checks whether UAC is enabled
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:800

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/800-0-0x0000000074871000-0x0000000074872000-memory.dmp

    Filesize

    4KB

    Download

  • memory/800-1-0x0000000074870000-0x0000000074E1B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/800-2-0x0000000074870000-0x0000000074E1B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/800-5-0x0000000074870000-0x0000000074E1B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/800-6-0x0000000074870000-0x0000000074E1B000-memory.dmp

    Filesize

    5.7MB

    Download