Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
10d4f7e0c033...35.exe
windows7-x64
10d4f7e0c033...35.exe
windows10-2004-x64
10d57a15943a...b8.exe
windows7-x64
10d57a15943a...b8.exe
windows10-2004-x64
10d5b7e88e91...31.exe
windows7-x64
5d5b7e88e91...31.exe
windows10-2004-x64
5d5b9cbc990...bf.exe
windows7-x64
7d5b9cbc990...bf.exe
windows10-2004-x64
7d5bce0b9b1...56.exe
windows7-x64
10d5bce0b9b1...56.exe
windows10-2004-x64
10d5fc43e4e1...1f.exe
windows7-x64
1d5fc43e4e1...1f.exe
windows10-2004-x64
1d61876dded...d3.exe
windows7-x64
10d61876dded...d3.exe
windows10-2004-x64
10d61b23d4ac...e0.exe
windows7-x64
10d61b23d4ac...e0.exe
windows10-2004-x64
10d690267038...3a.exe
windows7-x64
8d690267038...3a.exe
windows10-2004-x64
8d6995ab53a...3c.exe
windows7-x64
10d6995ab53a...3c.exe
windows10-2004-x64
10d6a9816b0d...9f.exe
windows7-x64
1d6a9816b0d...9f.exe
windows10-2004-x64
1d6e2e28870...ca.exe
windows7-x64
10d6e2e28870...ca.exe
windows10-2004-x64
10d70550d5d4...cd.exe
windows7-x64
10d70550d5d4...cd.exe
windows10-2004-x64
10d72c4b8c14...db.exe
windows7-x64
7d72c4b8c14...db.exe
windows10-2004-x64
7d735d6b2f3...86.exe
windows7-x64
10d735d6b2f3...86.exe
windows10-2004-x64
10d7508b0790...b3.exe
windows7-x64
10d7508b0790...b3.exe
windows10-2004-x64
10Analysis
-
max time kernel
117s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
22/03/2025, 06:17
Behavioral task
behavioral1
Sample
d4f7e0c033fa7006a593674e3052cc35.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
d4f7e0c033fa7006a593674e3052cc35.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral3
Sample
d57a15943ae8a9e653d5a6c6870271b8.exe
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
d57a15943ae8a9e653d5a6c6870271b8.exe
Resource
win10v2004-20250313-en
Behavioral task
behavioral5
Sample
d5b7e88e919915c58afbaad1d7cb2531.exe
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
d5b7e88e919915c58afbaad1d7cb2531.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral7
Sample
d5b9cbc990cc88135ff80a41945ea3c940b8726e286812fbf402dbf5f2f66bbf.exe
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
d5b9cbc990cc88135ff80a41945ea3c940b8726e286812fbf402dbf5f2f66bbf.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral9
Sample
d5bce0b9b1bfbe56a03cf54d9beb1a2a2e485beccb72393148e209ae63fb8556.exe
Resource
win7-20240729-en
Behavioral task
behavioral10
Sample
d5bce0b9b1bfbe56a03cf54d9beb1a2a2e485beccb72393148e209ae63fb8556.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral11
Sample
d5fc43e4e1fb229c3f946ac0417a0a630b0809b33a2f1bacc7b81f45006fbf1f.exe
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
d5fc43e4e1fb229c3f946ac0417a0a630b0809b33a2f1bacc7b81f45006fbf1f.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral13
Sample
d61876ddede62df51f22178f3f3810d3.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
d61876ddede62df51f22178f3f3810d3.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral15
Sample
d61b23d4acf185dc6322a40c7f0f56e0.exe
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
d61b23d4acf185dc6322a40c7f0f56e0.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral17
Sample
d690267038d2a718d56558e839b2613a.exe
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
d690267038d2a718d56558e839b2613a.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral19
Sample
d6995ab53a3e1764dcb69174e80bb9d55cc93c4335efc865e937655c4f92803c.exe
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
d6995ab53a3e1764dcb69174e80bb9d55cc93c4335efc865e937655c4f92803c.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral21
Sample
d6a9816b0df03fee5229e490ff3bfa2a016c0eeb9658b09fd6538a34e469579f.exe
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
d6a9816b0df03fee5229e490ff3bfa2a016c0eeb9658b09fd6538a34e469579f.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral23
Sample
d6e2e288705c6ca37ed2968b4ff7e7ca.exe
Resource
win7-20241010-en
Behavioral task
behavioral24
Sample
d6e2e288705c6ca37ed2968b4ff7e7ca.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral25
Sample
d70550d5d46716704be759d325b3a8f0047905a4f170abe251491f13b3a563cd.exe
Resource
win7-20241010-en
Behavioral task
behavioral26
Sample
d70550d5d46716704be759d325b3a8f0047905a4f170abe251491f13b3a563cd.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral27
Sample
d72c4b8c14b424737ffaaef76a9e591144b983e79322541f28ea06b4436e42db.exe
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
d72c4b8c14b424737ffaaef76a9e591144b983e79322541f28ea06b4436e42db.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral29
Sample
d735d6b2f34e9a7cd2604d3036ac8486.exe
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
d735d6b2f34e9a7cd2604d3036ac8486.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral31
Sample
d7508b07903325957294ebdcb89bd5b3.exe
Resource
win7-20241023-en
Behavioral task
behavioral32
Sample
d7508b07903325957294ebdcb89bd5b3.exe
Resource
win10v2004-20250314-en
General
-
Target
d72c4b8c14b424737ffaaef76a9e591144b983e79322541f28ea06b4436e42db.exe
-
Size
369KB
-
MD5
b6c96e7e2111b5ee133675104824493c
-
SHA1
abf5259cbaf7e73721523719bee61a5586c47d21
-
SHA256
d72c4b8c14b424737ffaaef76a9e591144b983e79322541f28ea06b4436e42db
-
SHA512
3a4e395961ad70a806df4dd16ccac9ee6d692ffb4f7180c3409ad9dc8168c4f28f83b8201d3f2a7bde01f6bc820993881b85905e5768faf769a50649d1a096c0
-
SSDEEP
6144:2n6zJ4mHcCLCYTnWz79nWz7NYp6hYp6rvDLuimKkBREsVf+3Kg4:16m2QiQrfqREx4
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2384 MW5fajwHSsA8ySG.exe -
Loads dropped DLL 1 IoCs
pid Process 2228 d72c4b8c14b424737ffaaef76a9e591144b983e79322541f28ea06b4436e42db.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ipconfig.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MW5fajwHSsA8ySG.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language d72c4b8c14b424737ffaaef76a9e591144b983e79322541f28ea06b4436e42db.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe -
Gathers network information 2 TTPs 1 IoCs
Uses commandline utility to view network configuration.
pid Process 1764 ipconfig.exe -
Suspicious use of WriteProcessMemory 12 IoCs
description pid Process procid_target PID 2228 wrote to memory of 2372 2228 d72c4b8c14b424737ffaaef76a9e591144b983e79322541f28ea06b4436e42db.exe 31 PID 2228 wrote to memory of 2372 2228 d72c4b8c14b424737ffaaef76a9e591144b983e79322541f28ea06b4436e42db.exe 31 PID 2228 wrote to memory of 2372 2228 d72c4b8c14b424737ffaaef76a9e591144b983e79322541f28ea06b4436e42db.exe 31 PID 2228 wrote to memory of 2372 2228 d72c4b8c14b424737ffaaef76a9e591144b983e79322541f28ea06b4436e42db.exe 31 PID 2372 wrote to memory of 1764 2372 cmd.exe 33 PID 2372 wrote to memory of 1764 2372 cmd.exe 33 PID 2372 wrote to memory of 1764 2372 cmd.exe 33 PID 2372 wrote to memory of 1764 2372 cmd.exe 33 PID 2228 wrote to memory of 2384 2228 d72c4b8c14b424737ffaaef76a9e591144b983e79322541f28ea06b4436e42db.exe 34 PID 2228 wrote to memory of 2384 2228 d72c4b8c14b424737ffaaef76a9e591144b983e79322541f28ea06b4436e42db.exe 34 PID 2228 wrote to memory of 2384 2228 d72c4b8c14b424737ffaaef76a9e591144b983e79322541f28ea06b4436e42db.exe 34 PID 2228 wrote to memory of 2384 2228 d72c4b8c14b424737ffaaef76a9e591144b983e79322541f28ea06b4436e42db.exe 34
Processes
-
C:\Users\Admin\AppData\Local\Temp\d72c4b8c14b424737ffaaef76a9e591144b983e79322541f28ea06b4436e42db.exe"C:\Users\Admin\AppData\Local\Temp\d72c4b8c14b424737ffaaef76a9e591144b983e79322541f28ea06b4436e42db.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2228 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c ipconfig /flushdns2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2372 -
C:\Windows\SysWOW64\ipconfig.exeipconfig /flushdns3⤵
- System Location Discovery: System Language Discovery
- Gathers network information
PID:1764
-
-
-
C:\Users\Admin\AppData\Local\Temp\MW5fajwHSsA8ySG.exe"C:\Users\Admin\AppData\Local\Temp\MW5fajwHSsA8ySG.exe" s2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2384
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
371KB
MD5e182c531712bd6a577c209b51f7015bc
SHA12a2114d9f3cb2c6732c82b52bf6943bbc6b87ab0
SHA256ecbf2f77d0fd99ba61f49c376c95e9e2223f0492b785b14a1e3d870e0d0889cb
SHA512c553c6eb502ed75b252fb4a34b4af036c931102ee74d19a31fcd04d0949112943a3b969accc20c9ac620f1b9eb33ea5742f0c17d157a389f4ace90183dbe742b