Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22/03/2025, 06:17

General

  • Target

    d5b7e88e919915c58afbaad1d7cb2531.exe

  • Size

    700KB

  • MD5

    d5b7e88e919915c58afbaad1d7cb2531

  • SHA1

    fab14c9ad635911f61b1050b2ada480e9936ca59

  • SHA256

    9462494ac0129d85ae5d2f24597fc4a424f05fa5651513def1c77ddf66b01374

  • SHA512

    e2a090a2c046e508db11b73d963fe85a644ecad8f380d6f4a9f75c972c2cd60c7295359c85c0cb0407b67a87ec52fa1a31dccc34619c848f2234b5d562c6d293

  • SSDEEP

    12288:fiBqAJsZ6xFR0yJCjD4wjqSGyVm0YpAxRZGgkdoXAk12grWa7CmWgiWMFMa:fQQExFa2uUwjqSGywdGjZrkdcAkrrCjm

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d5b7e88e919915c58afbaad1d7cb2531.exe
    "C:\Users\Admin\AppData\Local\Temp\d5b7e88e919915c58afbaad1d7cb2531.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2528
    • C:\Users\Admin\AppData\Local\Temp\d5b7e88e919915c58afbaad1d7cb2531.exe
      "C:\Users\Admin\AppData\Local\Temp\d5b7e88e919915c58afbaad1d7cb2531.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1912
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 36
        3⤵
        • Program crash
        PID:1716

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1912-12-0x0000000000400000-0x0000000000447000-memory.dmp

    Filesize

    284KB

  • memory/1912-16-0x0000000000400000-0x0000000000447000-memory.dmp

    Filesize

    284KB

  • memory/1912-15-0x00000000008A0000-0x0000000000BA3000-memory.dmp

    Filesize

    3.0MB

  • memory/1912-14-0x0000000000400000-0x0000000000447000-memory.dmp

    Filesize

    284KB

  • memory/1912-7-0x0000000000400000-0x0000000000447000-memory.dmp

    Filesize

    284KB

  • memory/1912-8-0x0000000000400000-0x0000000000447000-memory.dmp

    Filesize

    284KB

  • memory/1912-9-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

  • memory/2528-3-0x0000000000920000-0x0000000000930000-memory.dmp

    Filesize

    64KB

  • memory/2528-13-0x0000000074CE0000-0x00000000753CE000-memory.dmp

    Filesize

    6.9MB

  • memory/2528-6-0x0000000005980000-0x0000000005A12000-memory.dmp

    Filesize

    584KB

  • memory/2528-5-0x0000000074CE0000-0x00000000753CE000-memory.dmp

    Filesize

    6.9MB

  • memory/2528-4-0x0000000074CEE000-0x0000000074CEF000-memory.dmp

    Filesize

    4KB

  • memory/2528-0-0x0000000074CEE000-0x0000000074CEF000-memory.dmp

    Filesize

    4KB

  • memory/2528-2-0x0000000074CE0000-0x00000000753CE000-memory.dmp

    Filesize

    6.9MB

  • memory/2528-1-0x0000000000C50000-0x0000000000D06000-memory.dmp

    Filesize

    728KB