Analysis
max time kernel: 147s
max time network: 140s
platform: windows7_x64
resource: win7-20241010-en
resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
submitted: 15/12/2024, 14:50
Behavioral task: behavioral1
Sample: release.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: release.exe
Resource: win10v2004-20241007-en
General
Target: release.exe
Size: 423KB
MD5: be4cbe10f071b583895eb48b532e837a
SHA1: cf7fe65594aa9d74a23b35cb608c01e6a7912014
SHA256: 610f0ac7f61d0e450281941a5476f6316fa14ddd6fd06210029905246b56b0ef
SHA512: 7fbe0c286bebc18db0e46f17757ce824b643856d2d647eef8e9ec1d66c5af145bfdbac4904c2f494d1d6e4480fd96aaa7de7c66bfd1083c2d3a841c08b42e47a
SSDEEP: 6144:YeghbOV4Asvo/Z+wo6TmTIHnqgKIuTi5gTaWnLLDt1dbWAOaKapXFWbcF5U:YeKbOV4A3ho9IKNti5gT/wUzzWYU
Malware Config
Signatures
Executes dropped EXE (1 IoC)
pid 2380, process skuld.exe
Loads dropped DLL (2 IoCs)
pid 2524, process release.exe
pid 2524, process release.exe
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; process: release.exe
Suspicious use of WriteProcessMemory (4 IoCs)
description: PID 2524 wrote to memory of 2380; pid: 2524; process: release.exe; procid_target: 31
description: PID 2524 wrote to memory of 2380; pid: 2524; process: release.exe; procid_target: 31
description: PID 2524 wrote to memory of 2380; pid: 2524; process: release.exe; procid_target: 31
description: PID 2524 wrote to memory of 2380; pid: 2524; process: release.exe; procid_target: 31
Processes
C:\Users\Admin\AppData\Local\Temp\release.exe (PID 2524)
command line: "C:\Users\Admin\AppData\Local\Temp\release.exe"
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\skuld.exe (PID 2380, child of release.exe)
  command line: "C:\Users\Admin\AppData\Local\Temp\skuld.exe"
  - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 9.5MB
MD5: be0fab815395a13d4d6190070028299f
SHA1: e56acd831f795128fd0ec0363435638a656a3236
SHA256: abbf573224595e5999b43e7dc97596255b7187d3619fea99e45d76b7caaf7a0e
SHA512: c4ae881530e465f94682f35918898928c08bf8ba34469015eeee3a5b15bbb0471dbf07663b215e5b4fb8ed9b337364ccc1d32b345b4fa14d07d391065699be4d