Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

60ae023873...9f.exe

windows7-x64

6

60ae023873...9f.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    06/12/2024, 05:18 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    60ae02387396d0f33f035f7e659e4a7a2a094d9fe5a3bd21db271393a2ccd39f.exe

  • Size

    8.9MB

  • MD5

    3662abe6c0c6dce91a67e0ba351944d3

  • SHA1

    1bf366732f3a7bffb624064353d9da9369e54605

  • SHA256

    60ae02387396d0f33f035f7e659e4a7a2a094d9fe5a3bd21db271393a2ccd39f

  • SHA512

    a0b7418bec101f2d7c7355dd501c94e603237439aa09b656aa11414d9996e6ed1612a7b108165281684cd0f0e2335037fb3ed4c3409766762a62e00c71643e1b

  • SSDEEP

    49152:K1XP6rPbNechC0bNechC0bNecIC0bNechC0bNechC0bNeco:K1+8e8e8f8e8e8p

Score
6/10
discoverypersistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\60ae02387396d0f33f035f7e659e4a7a2a094d9fe5a3bd21db271393a2ccd39f.exe
    "C:\Users\Admin\AppData\Local\Temp\60ae02387396d0f33f035f7e659e4a7a2a094d9fe5a3bd21db271393a2ccd39f.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1984
    • C:\Users\Admin\AppData\Local\Temp\60ae02387396d0f33f035f7e659e4a7a2a094d9fe5a3bd21db271393a2ccd39f.exe
      "C:\Users\Admin\AppData\Local\Temp\60ae02387396d0f33f035f7e659e4a7a2a094d9fe5a3bd21db271393a2ccd39f.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:2224
    • C:\Windows\SysWOW64\diskperf.exe
      "C:\Windows\SysWOW64\diskperf.exe"
      2⤵
        PID:2880

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1984-0-0x0000000000400000-0x0000000000515000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1984-1-0x00000000001B0000-0x00000000001B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1984-2-0x0000000000400000-0x0000000000515000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1984-3-0x00000000001B0000-0x00000000001B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1984-33-0x0000000000400000-0x0000000000515000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2224-8-0x0000000000400000-0x000000000043E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/2224-21-0x0000000000400000-0x000000000043E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/2224-15-0x0000000000400000-0x000000000043E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/2224-36-0x0000000000400000-0x000000000043E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/2224-6-0x0000000000400000-0x000000000043E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/2224-4-0x0000000000400000-0x000000000043E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/2880-24-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2880-22-0x0000000000400000-0x0000000000412000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2880-32-0x0000000000400000-0x0000000000412000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2880-26-0x0000000000400000-0x0000000000412000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2880-29-0x0000000000400000-0x0000000000412000-memory.dmp

      Filesize

      72KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.