Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

f42692e58c...5a.exe

windows7-x64

10

f42692e58c...5a.exe

windows10-2004-x64

7

tppxqd.exe

windows7-x64

3

tppxqd.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    94s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/11/2024, 20:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f42692e58c63c0e14de4ce2bb31a92cb1bc5dbb11d0989f1619778fd4b7e2c5a.exe

  • Size

    367KB

  • MD5

    2818c9adb483309e0d5b2515b41a1507

  • SHA1

    6f30bfff6c27aef73be247dfd2333b6845876afc

  • SHA256

    f42692e58c63c0e14de4ce2bb31a92cb1bc5dbb11d0989f1619778fd4b7e2c5a

  • SHA512

    b8b212bf7f7d0f28608681a3a65ec696f1f302aefc8fb1e37ff53df07e6b3a7a3a7f5650ddd0b897f7681a892129feebebc968deddb279c1808a7154d1128b19

  • SSDEEP

    6144:TGiSUQepf9SGF0VBfXxG6xbXKJArYr0hOZg2guur3Hw03:mUd132BvIObXKeYohGLI3R3

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f42692e58c63c0e14de4ce2bb31a92cb1bc5dbb11d0989f1619778fd4b7e2c5a.exe
    "C:\Users\Admin\AppData\Local\Temp\f42692e58c63c0e14de4ce2bb31a92cb1bc5dbb11d0989f1619778fd4b7e2c5a.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3076
    • C:\Users\Admin\AppData\Local\Temp\tppxqd.exe
      C:\Users\Admin\AppData\Local\Temp\tppxqd.exe C:\Users\Admin\AppData\Local\Temp\javajcgag
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:5076
      • C:\Users\Admin\AppData\Local\Temp\tppxqd.exe
        C:\Users\Admin\AppData\Local\Temp\tppxqd.exe C:\Users\Admin\AppData\Local\Temp\javajcgag
        3⤵
          PID:2084
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 556
          3⤵
          • Program crash
          PID:4672
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 5076 -ip 5076
      1⤵
        PID:920

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\cq00wa9nwzhggd6xh
        Filesize

        210KB

        MD5

        7afc9c0913886b271a94e2fd65948e89

        SHA1

        f7d03107689ab4bf5b2bc498a27c833786e61296

        SHA256

        70b0b30720dea145d86b5a65c9aeb7d91d385e70697cb38dcb851f83cf36e1d6

        SHA512

        0623d890c3da06b22ba543d9af57da647eddfc74849a5db32b9e807fa9112554cf977ba1b342d00897c61eb641aa679d0294de529f41ba2cefed45c8fb9cba9a

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\javajcgag
        Filesize

        5KB

        MD5

        2cfb45713bf39a8b12312afeb8eeb863

        SHA1

        cdba2316f0374f2d6724e96ea4b4a6e4cc6782bc

        SHA256

        2420bb9b1c506c66cbcee9c739d39f9c0723aec89ac4dcee10d48bd8b17d7f92

        SHA512

        4394ac8470148989df4540f84fb74f6d3dc3df77ca3e2e7d100d90330bb09a52d288a1d96b81d79c3e7a692949fbdea2f036db244c471582ed9dad4aa471d63a

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\tppxqd.exe
        Filesize

        114KB

        MD5

        3a4bc4e7fa9caf7ebc996222816d9ec2

        SHA1

        15e37286a7982a35092559743e7a2aadb2300a64

        SHA256

        56cd59981b0b8cf25d7d51c96b1cba9e300bc002a01030a08eb58ea30c015ef7

        SHA512

        26c6481987b859922c504fdc353cc1819943d9fbecea38cb01b0c708566788aca4fa5ff56c3e8f7a12be9be10dbbaca517f7423c00eb79d494cc83996a67b448

        Download Submit

      • memory/5076-7-0x0000000001030000-0x0000000001032000-memory.dmp

        Filesize

        8KB

        Download