Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 120s
max time network: 121s
platform: windows7_x64
resource: win7-20240729-en
resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
submitted: 14/11/2024, 23:26
Static task: static1
Behavioral task: behavioral1
Sample: 7a698045d9ef597fb483ef9f7b342a2cf0e1b5b7347b6794484052a8f6dc3aeb.exe
Resource: win7-20240729-en
General
Target: 7a698045d9ef597fb483ef9f7b342a2cf0e1b5b7347b6794484052a8f6dc3aeb.exe
Size: 254KB
MD5: ed4ca65326660451628eac602288dd7d
SHA1: 5f811f7e2cbc6793312e9ea355fb1e6723abafd9
SHA256: 7a698045d9ef597fb483ef9f7b342a2cf0e1b5b7347b6794484052a8f6dc3aeb
SHA512: 01c54285ffcd363bb7d774d4e74d74dfdb3096b56642b0d8e789c9539e33594bbd3900f1d18008301cdd24642ccd618d5d952d5c3e3a61713867dfa913e0dce7
SSDEEP: 6144:85p178U0MURaGyNXYWQzHazRfXrwSRnWwhrQNW:EeGUA5YZazpXUmZhqW
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 2792, process a1punf5t2of.exe
- Loads dropped DLL (2 IoCs)
  pid 3068, process 7a698045d9ef597fb483ef9f7b342a2cf0e1b5b7347b6794484052a8f6dc3aeb.exe
  pid 2792, process a1punf5t2of.exe
- Adds Run key to start application (2 TTPs, 1 IoC)
  Set value (str): \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Run\b1b2dqljdx3 = "C:\\Users\\Admin\\AppData\\Roaming\\b1b2dqljdx3\\a1punf5t2of.exe" (process 7a698045d9ef597fb483ef9f7b342a2cf0e1b5b7347b6794484052a8f6dc3aeb.exe)
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process 7a698045d9ef597fb483ef9f7b342a2cf0e1b5b7347b6794484052a8f6dc3aeb.exe)
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process a1punf5t2of.exe)
- Suspicious use of WriteProcessMemory (14 IoCs)
  PID 3068 wrote to memory of 2792 (pid 3068, process 7a698045d9ef597fb483ef9f7b342a2cf0e1b5b7347b6794484052a8f6dc3aeb.exe, procid_target 31), 7 identical entries
  PID 2792 wrote to memory of 1660 (pid 2792, process a1punf5t2of.exe, procid_target 32), 7 identical entries
Processes
C:\Users\Admin\AppData\Local\Temp\7a698045d9ef597fb483ef9f7b342a2cf0e1b5b7347b6794484052a8f6dc3aeb.exe (PID 3068)
  command line: "C:\Users\Admin\AppData\Local\Temp\7a698045d9ef597fb483ef9f7b342a2cf0e1b5b7347b6794484052a8f6dc3aeb.exe"
  - Loads dropped DLL
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe (PID 2792)
    command line: "C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe"
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe (PID 1660)
      command line: "C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 254KB
MD5: 297fce85a4d854e44dd4a82ba67c262b
SHA1: cb99421d05f3f07f3ff991ef4ca531b9202f916c
SHA256: b36ba34496e490ad582029d1ae47e352df6450255626a278b80fdf86f8e200e0
SHA512: ed2a87f1c7ce2cb3ae796ac1f962297374c84f57bdb624d41608c2e00b72d141ca02f85daa064c145eb055e1fade1668ca5a048a30794123c1299bbbd0499272