Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
10UDP.exe
windows11-21h2-x64
3a
windows11-21h2-x64
1arm1
windows11-21h2-x64
1bj.exe
windows11-21h2-x64
10bjyk.exe
windows11-21h2-x64
10cctv.exe
windows11-21h2-x64
10cctv_2.exe
windows11-21h2-x64
10cn.exe
windows11-21h2-x64
7cn1.exe
windows11-21h2-x64
3dhl.exe
windows11-21h2-x64
10java
windows11-21h2-x64
1java (2)
windows11-21h2-x64
1java1
windows11-21h2-x64
1k5.exe
windows11-21h2-x64
10ly1
windows11-21h2-x64
1mh.exe
windows11-21h2-x64
10mips
windows11-21h2-x64
1pjhxx
windows11-21h2-x64
1rootkit
windows11-21h2-x64
1se.exe
windows11-21h2-x64
7server.exe
windows11-21h2-x64
10smss.exe
windows11-21h2-x64
10sqlrer
windows11-21h2-x64
1squld
windows11-21h2-x64
1ssh.sh
windows11-21h2-x64
3taskmgr.exe
windows11-21h2-x64
10win.exe
windows11-21h2-x64
10wm.html
windows11-21h2-x64
4wrt1
windows11-21h2-x64
1xm.exe
windows11-21h2-x64
10yk.exe
windows11-21h2-x64
10yk1.exe
windows11-21h2-x64
10Analysis
-
max time kernel
438s -
max time network
1160s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system -
submitted
07/12/2024, 18:43
Behavioral task
behavioral1
Sample
UDP.exe
Resource
win11-20241007-en
Behavioral task
behavioral2
Sample
a
Resource
win11-20241007-en
Behavioral task
behavioral3
Sample
arm1
Resource
win11-20241007-en
Behavioral task
behavioral4
Sample
bj.exe
Resource
win11-20241007-en
Behavioral task
behavioral5
Sample
bjyk.exe
Resource
win11-20241007-en
Behavioral task
behavioral6
Sample
cctv.exe
Resource
win11-20241007-en
Behavioral task
behavioral7
Sample
cctv_2.exe
Resource
win11-20241007-en
Behavioral task
behavioral8
Sample
cn.exe
Resource
win11-20241007-en
Behavioral task
behavioral9
Sample
cn1.exe
Resource
win11-20241007-en
Behavioral task
behavioral10
Sample
dhl.exe
Resource
win11-20241007-en
Behavioral task
behavioral11
Sample
java
Resource
win11-20241007-en
Behavioral task
behavioral12
Sample
java (2)
Resource
win11-20241007-en
Behavioral task
behavioral13
Sample
java1
Resource
win11-20241007-en
Behavioral task
behavioral14
Sample
k5.exe
Resource
win11-20241007-en
Behavioral task
behavioral15
Sample
ly1
Resource
win11-20241007-en
Behavioral task
behavioral16
Sample
mh.exe
Resource
win11-20241007-en
Behavioral task
behavioral17
Sample
mips
Resource
win11-20241007-en
Behavioral task
behavioral18
Sample
pjhxx
Resource
win11-20241007-en
Behavioral task
behavioral19
Sample
rootkit
Resource
win11-20241007-en
Behavioral task
behavioral20
Sample
se.exe
Resource
win11-20241007-en
Behavioral task
behavioral21
Sample
server.exe
Resource
win11-20241007-en
Behavioral task
behavioral22
Sample
smss.exe
Resource
win11-20241007-en
Behavioral task
behavioral23
Sample
sqlrer
Resource
win11-20241007-en
Behavioral task
behavioral24
Sample
squld
Resource
win11-20241007-en
Behavioral task
behavioral25
Sample
ssh.sh
Resource
win11-20241007-en
Behavioral task
behavioral26
Sample
taskmgr.exe
Resource
win11-20241007-en
Behavioral task
behavioral27
Sample
win.exe
Resource
win11-20241007-en
Behavioral task
behavioral28
Sample
wm.html
Resource
win11-20241007-en
Behavioral task
behavioral29
Sample
wrt1
Resource
win11-20241007-en
Behavioral task
behavioral30
Sample
xm.exe
Resource
win11-20241007-en
Behavioral task
behavioral31
Sample
yk.exe
Resource
win11-20241007-en
General
-
Target
cn1.exe
-
Size
196KB
-
MD5
0731b597e61c2fd74577239fc53c794b
-
SHA1
85bf7df302e1e4e096ad8d385cac2ef004457ba9
-
SHA256
fe23577d1480bedcd63037921bbd5a55e86171c1a7dc97667df6a674ca0044fc
-
SHA512
6bf34bd045020a852dc2553869f67c30d13857c9fb228ae966fd2f794f607f7157933a4772c9e13e19c85bfec1f585d6e350cbcafb58c624f0aade78085664f4
-
SSDEEP
3072:zwSn0zvOvtYzwnqSioDXx4uE9w2qbMUeZPorQ/4/464Is9Um:U00zvOvtgSiod4uYzqAvZ1/w46Iym
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 5004 2980 WerFault.exe 77 -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cn1.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\cn1.exe"C:\Users\Admin\AppData\Local\Temp\cn1.exe"1⤵
- System Location Discovery: System Language Discovery
PID:2980 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 2362⤵
- Program crash
PID:5004
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2980 -ip 29801⤵PID:3660