Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
275s -
max time network
294s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system -
submitted
26/11/2022, 00:36
Static task
static1
Behavioral task
behavioral1
Sample
be95c80a2b150348131f2c80f8b9a9416bd9d92c5ba5e8d9f0b932f735180afc.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
be95c80a2b150348131f2c80f8b9a9416bd9d92c5ba5e8d9f0b932f735180afc.exe
Resource
win10v2004-20221111-en
General
-
Target
be95c80a2b150348131f2c80f8b9a9416bd9d92c5ba5e8d9f0b932f735180afc.exe
-
Size
2.1MB
-
MD5
3329f833ac31ac3878721f49e181393d
-
SHA1
47b79d529e61c1b41c27a53b9c0e886a6f50a1df
-
SHA256
be95c80a2b150348131f2c80f8b9a9416bd9d92c5ba5e8d9f0b932f735180afc
-
SHA512
29d2bb7cd8fcbd22dd6116ca3a75396bd045e9ad5b38cf3a699d4cdb0597e4b86af82662c11dbc8e0c266258fa648ac26768f111cc865f062e989c3055e5c95f
-
SSDEEP
24576:ptKb3axCoJgKuA0p1kXH2YNRRWH15ZYSR3T1i2UsDHMZWlZUgbVi0TD5mYbt7E:E3eCauJEN+nZYSp1i2UsQKZUaiqUCx
Malware Config
Signatures
-
Drops desktop.ini file(s) 2 IoCs
description ioc Process File created C:\Windows\assembly\Desktop.ini be95c80a2b150348131f2c80f8b9a9416bd9d92c5ba5e8d9f0b932f735180afc.exe File opened for modification C:\Windows\assembly\Desktop.ini be95c80a2b150348131f2c80f8b9a9416bd9d92c5ba5e8d9f0b932f735180afc.exe -
Drops file in Windows directory 3 IoCs
description ioc Process File opened for modification C:\Windows\assembly\Desktop.ini be95c80a2b150348131f2c80f8b9a9416bd9d92c5ba5e8d9f0b932f735180afc.exe File opened for modification C:\Windows\assembly be95c80a2b150348131f2c80f8b9a9416bd9d92c5ba5e8d9f0b932f735180afc.exe File created C:\Windows\assembly\Desktop.ini be95c80a2b150348131f2c80f8b9a9416bd9d92c5ba5e8d9f0b932f735180afc.exe -
Suspicious behavior: EnumeratesProcesses 5 IoCs
pid Process 3456 be95c80a2b150348131f2c80f8b9a9416bd9d92c5ba5e8d9f0b932f735180afc.exe 3456 be95c80a2b150348131f2c80f8b9a9416bd9d92c5ba5e8d9f0b932f735180afc.exe 3456 be95c80a2b150348131f2c80f8b9a9416bd9d92c5ba5e8d9f0b932f735180afc.exe 3456 be95c80a2b150348131f2c80f8b9a9416bd9d92c5ba5e8d9f0b932f735180afc.exe 3456 be95c80a2b150348131f2c80f8b9a9416bd9d92c5ba5e8d9f0b932f735180afc.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 3456 be95c80a2b150348131f2c80f8b9a9416bd9d92c5ba5e8d9f0b932f735180afc.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3456 wrote to memory of 3772 3456 be95c80a2b150348131f2c80f8b9a9416bd9d92c5ba5e8d9f0b932f735180afc.exe 81 PID 3456 wrote to memory of 3772 3456 be95c80a2b150348131f2c80f8b9a9416bd9d92c5ba5e8d9f0b932f735180afc.exe 81 PID 3456 wrote to memory of 3772 3456 be95c80a2b150348131f2c80f8b9a9416bd9d92c5ba5e8d9f0b932f735180afc.exe 81
Processes
-
C:\Users\Admin\AppData\Local\Temp\be95c80a2b150348131f2c80f8b9a9416bd9d92c5ba5e8d9f0b932f735180afc.exe"C:\Users\Admin\AppData\Local\Temp\be95c80a2b150348131f2c80f8b9a9416bd9d92c5ba5e8d9f0b932f735180afc.exe"1⤵
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3456 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\FolderName\mata.bat2⤵PID:3772
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
70B
MD523f72401196919748c14cb64c1d55c3b
SHA1869e3809cb4391e6f5aee5349a871e40a1e1fb22
SHA256d09c4054568f89c5de2bd9bae9cbcbcb3ef2dda9a9ded0153e29da26dc405d11
SHA5122ab844717c31c4819d8773d7604dfc831e950ae9e38fe311acf8178d46f39fafb54b448ebb6b9cf5d1edd47ed36eae11d649c1be346b0a35d380dd07101c79f1