Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
4s -
max time network
4s -
platform
windows7_x64 -
resource
win7-20241010-es -
resource tags
arch:x64arch:x86image:win7-20241010-eslocale:es-esos:windows7-x64systemwindows -
submitted
03/01/2025, 17:29
Static task
static1
Behavioral task
behavioral1
Sample
OperaGXSetup.exe
Resource
win7-20241010-es
General
-
Target
OperaGXSetup.exe
-
Size
3.8MB
-
MD5
fb23e09da4b0ebd20a0072e75fd994f4
-
SHA1
bc3433296ae972d574a368d50b737fd984cf3d38
-
SHA256
e478c912ca786de43cc76bfece772eef194600726e5641dcaab4e0cb260fa90e
-
SHA512
26d8005aaedb6066b65c1d564234ce25ab0aa9c318610a473aaa7e7fc71fcf5a4cb99fc9422be932ae36367ff48855a046eb0286ac848f34d575c8d519b19222
-
SSDEEP
49152:SVAbwA+j3AtriaXicL8D8nqdZqb8oM28CBHmLOIt/ZwDAakqbMz3Lnn7cAWFJJx:WA+jxJIfMKmLOIt/yDh7MbLnnXWFl
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2236 setup.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language OperaGXSetup.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe"C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe"1⤵
- System Location Discovery: System Language Discovery
PID:2908 -
C:\Users\Admin\AppData\Local\Temp\7zSC5B61DD6\setup.exeC:\Users\Admin\AppData\Local\Temp\7zSC5B61DD6\setup.exe --server-tracking-blob=ZWJhYzcxNjgwMzIwMTNlNzhiYjU3YWE2ODViZjJjNjBmODRiODk1NzUwNDllMjY4ZWEzMDZkMDA5MzQyMDNkMDp7ImNvdW50cnkiOiJDTyIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/ZWRpdGlvbj1zdGQtMiZ1dG1fc291cmNlPVBXTmdhbWVzJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPVBXTl9DTyZlZGl0aW9uPXN0ZC0yJnV0bV9jb250ZW50PTEyMjJfMzY1M2I5YmJlYjhmYzRkMTEwZDRmNWUxZTZjZDA4YTQmdXRtX2lkPWUzNjYyMWNkYWVkZTRhNjc4ZTI0OGMzY2EzNzFjZTBiJmh0dHBfcmVmZXJyZXI9bWlzc2luZyZ1dG1fc2l0ZT1vcGVyYV9jb20mdXRtX2xhc3RwYWdlPW9wZXJhLmNvbSUyRmd4JnV0bV9pZD1lMzY2MjFjZGFlZGU0YTY3OGUyNDhjM2NhMzcxY2UwYiZkbF90b2tlbj03MTQyNDE5MyIsInRpbWVzdGFtcCI6IjE3MzU4NzEyOTguMzk0OCIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMzEuMC4wLjAgU2FmYXJpLzUzNy4zNiBFZGcvMTMxLjAuMC4wIiwidXRtIjp7ImNhbXBhaWduIjoiUFdOX0NPIiwiY29udGVudCI6IjEyMjJfMzY1M2I5YmJlYjhmYzRkMTEwZDRmNWUxZTZjZDA4YTQiLCJpZCI6ImUzNjYyMWNkYWVkZTRhNjc4ZTI0OGMzY2EzNzFjZTBiIiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vZ3giLCJtZWRpdW0iOiJwYSIsInNpdGUiOiJvcGVyYV9jb20iLCJzb3VyY2UiOiJQV05nYW1lcyJ9LCJ1dWlkIjoiZDYxOTcwZjItZjM0YS00MGEwLTkyMGItNmIxNTM3Y2ExZWU5In0=2⤵
- Executes dropped EXE
PID:2236
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
7.3MB
MD5a147d284d9191cd8783a8055a21bfcce
SHA16f87e8302e28192475a3c362ec1d7597427b016c
SHA256f7b4074a646e742f61d2ecf4b1e78e56216748a35670e23e8ef585a8008aa761
SHA51237d4de184b8b41a41324258ee4e5de5429228bfc89d1c9ca11a786382f11741e4741d11bc392351ee0620cb08151d710c04d92ed5e42ee165c4463d5897c5984