Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

e93bb68678...72.exe

windows7-x64

7

e93bb68678...72.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/11/2024, 05:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e93bb6867842712ee13f8e679138cdea466594813a96fb27a5ddb62c437da972.exe

  • Size

    50KB

  • MD5

    6671bc7b91d7f9fe94dfde3418de0172

  • SHA1

    b1d5eca0ae5ef73f465543e39e0036fa8d75b3fa

  • SHA256

    e93bb6867842712ee13f8e679138cdea466594813a96fb27a5ddb62c437da972

  • SHA512

    301c4725f65d37c6141e1a5400211e54362ced90c94be297842a1a6245a59ba324cfe7214f6cc6fb1377330add6ee2562e5e7eacff0412e900968e086859de2c

  • SSDEEP

    1536:e6q10k0EFjed6rqJ+6vghzwYu7vih9GueIh9j2IoHAjU+EmkcU+uhIehXehXhHhE:E1oEFlt6vghzwYu7vih9GueIh9j2IoHh

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e93bb6867842712ee13f8e679138cdea466594813a96fb27a5ddb62c437da972.exe
    "C:\Users\Admin\AppData\Local\Temp\e93bb6867842712ee13f8e679138cdea466594813a96fb27a5ddb62c437da972.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3652
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      PID:3960

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    50KB

    MD5

    a0d436802720228672ceb616cf878902

    SHA1

    47641d039087ba5dd3f9ff18439e26dc5ef559fd

    SHA256

    a536197872b944ff2dfc6a23ee0e15fa52457c6fbacdd161833b71fa98c31da7

    SHA512

    ddc82f81af0e65425bd5f00fe7994aa93146dd3f4c433ccb3325694fedb020a447f5a600c62c1b044285ff4e13828ebc81f1efa98516cfaac6ee29a72093e8c6

    Download Submit

  • memory/3652-0-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3652-6-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3960-7-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3960-8-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download