Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 15s
max time network: 16s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 27/10/2024, 22:05
Static task: static1
Behavioral task: behavioral1
Sample: OperaGXSetup.exe
Resource: win7-20240903-en
General
Target: OperaGXSetup.exe
Size: 3.1MB
MD5: 55b9a000654a03888ca18b750db46d7c
SHA1: facaab327614ba053bce3e545fcd7fed9e8ceb30
SHA256: 65dbe0108727614fc1b82475e8fa0c171added385b1ec831e9cdc0c4af9d741a
SHA512: 93093eef6b8d3820b6565d92be035d4214b059829afdfb6f8048b6772881c82f4e877a0a4d0b05bb00b1099b732eed3ed8b9c98a591f93386187c8c02906ce3e
SSDEEP: 98304:LAcRTd/kggQSwydThBmnXodHG+z92I0xkZV8zDzSCw:PRTFkg3SwyhsXoRG+zAkZCzDz/w
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid: 2148, process: setup.exe
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; process: OperaGXSetup.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe"
   signatures: System Location Discovery: System Language Discovery
   PID: 2316
2. C:\Users\Admin\AppData\Local\Temp\7zSC096D866\setup.exe (child of 1)
   command line: C:\Users\Admin\AppData\Local\Temp\7zSC096D866\setup.exe --server-tracking-blob=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
   signatures: Executes dropped EXE
   PID: 2148
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 6.4MB
MD5: b4da1657d31832c9965d54c5037a3402
SHA1: c312863d621b0b5ec9ec930b1db73de3c95f7141
SHA256: 563fcd4ca2678ddb6c1366c92aa4daa410d7eba73d68d9336fb967f732770c8d
SHA512: 643d2ec57767443e0efcc580a0e5abe062375f34b936daa22aa24e20d837b84854de18f636dc0ca5d100b4309a456746d733a65f8d1ccb173fe590ab5bf99007