Analysis
max time kernel: 150s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/07/2023, 11:47
Static task: static1
Behavioral task: behavioral1
  Sample: 245b1fe5b1dcfbexeexeexeex.exe
  Resource: win7-20230703-en
Behavioral task: behavioral2
  Sample: 245b1fe5b1dcfbexeexeexeex.exe
  Resource: win10v2004-20230703-en
General
Target: 245b1fe5b1dcfbexeexeexeex.exe
Size: 46KB
MD5: 245b1fe5b1dcfbfe1a02c2efb9c93369
SHA1: 8636fa59507f938781a47b97dfbc0342d1ab10a9
SHA256: e2f0be2fdee4424ee86ab73c88b847a6b7761e970a35a73360ecd49bb34cdc38
SHA512: 2f874898ab3a3cd31490610ea9c36e5f0798182cef2ffbfa786c3a4f5198d3133fd67e622c34faea13776d59a69dc6aa9025db296fd8a16ba5fc7ab7496c4af0
SSDEEP: 768:bIDOw9UiaCHfjnE0Sfa7ilR0p9u6p4Uu6EIZPm83+3:bIDOw9a0DwitDwIZb3+3
Malware Config
Signatures
Checks computer location settings (2 TTPs, 1 IoC)
Looks up the country code configured in the registry, likely a geofence check.
  description: Key value queried
  ioc: \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Control Panel\International\Geo\Nation
  Process: 245b1fe5b1dcfbexeexeexeex.exe
Executes dropped EXE (1 IoC)
  pid: 2144
  Process: lossy.exe
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).
Suspicious use of WriteProcessMemory (3 IoCs)
  description                      | pid  | Process                          | procid_target
  PID 2996 wrote to memory of 2144 | 2996 | 245b1fe5b1dcfbexeexeexeex.exe    | 83
  PID 2996 wrote to memory of 2144 | 2996 | 245b1fe5b1dcfbexeexeexeex.exe    | 83
  PID 2996 wrote to memory of 2144 | 2996 | 245b1fe5b1dcfbexeexeexeex.exe    | 83
Processes
C:\Users\Admin\AppData\Local\Temp\245b1fe5b1dcfbexeexeexeex.exe (PID 2996)
  command line: "C:\Users\Admin\AppData\Local\Temp\245b1fe5b1dcfbexeexeexeex.exe"
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory
  child: C:\Users\Admin\AppData\Local\Temp\lossy.exe (PID 2144)
    command line: "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
    - Executes dropped EXE
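The Signatures and Processes sections above are flattened tables; the correlation an analyst actually wants from them is whether the memory writes land in a process the sample itself spawned. The script below is an added example, not part of the Triage report or of the tria.ge tooling: it parses constructed IoC lines in the same shape as the report's "Key value queried ..." and "PID X wrote to memory of Y ..." rows, joins them against a hand-built process list taken from the tree above, and flags the parent-writes-into-dropped-child pattern. The regexes, the `Findings` structure and the sample data are all assumptions made for this example.

```python
"""Correlate Triage-style behavioural IoC lines with a process tree.

Added example. Assumptions (not from the report): the line formats below
mirror Triage's flattened tables; the process list is hand-built from the
report's process tree; 'procid_target' is treated as Triage's internal
process index, not a Windows PID.
"""
import re
from dataclasses import dataclass, field

# Constructed from the report's Signatures section, one IoC per line.
SAMPLE_IOCS = r"""
Key value queried \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Control Panel\International\Geo\Nation 245b1fe5b1dcfbexeexeexeex.exe
PID 2996 wrote to memory of 2144 2996 245b1fe5b1dcfbexeexeexeex.exe 83
PID 2996 wrote to memory of 2144 2996 245b1fe5b1dcfbexeexeexeex.exe 83
PID 2996 wrote to memory of 2144 2996 245b1fe5b1dcfbexeexeexeex.exe 83
"""

# Constructed from the report's process tree: (pid, image path, parent pid).
SAMPLE_PROCESSES = [
    (2996, r"C:\Users\Admin\AppData\Local\Temp\245b1fe5b1dcfbexeexeexeex.exe", None),
    (2144, r"C:\Users\Admin\AppData\Local\Temp\lossy.exe", 2996),
]

# HKCU\Control Panel\International\Geo\Nation holds the user's numeric GEOID;
# reading it at startup is the classic geofence check.
GEO_RE = re.compile(r"Key value queried (.+\\Geo\\Nation) (\S+)$")
# Columns as Triage flattens them: description, pid, Process, procid_target.
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)$")


@dataclass
class Findings:
    geofence_processes: set = field(default_factory=set)
    memory_writes: dict = field(default_factory=dict)    # (src_pid, dst_pid) -> count
    child_injection: list = field(default_factory=list)  # (src, dst, src_image, dst_image)


def analyse(ioc_text: str, processes) -> Findings:
    parent_of = {pid: ppid for pid, _, ppid in processes}
    image_of = {pid: path.rsplit("\\", 1)[-1] for pid, path, _ in processes}
    f = Findings()
    for line in ioc_text.strip().splitlines():
        if m := GEO_RE.match(line):
            f.geofence_processes.add(m.group(2))
            continue
        if m := WPM_RE.match(line):
            key = (int(m.group(1)), int(m.group(2)))
            f.memory_writes[key] = f.memory_writes.get(key, 0) + 1
    # A parent writing into a child it spawned itself (here the EXE it just
    # dropped) is the shape of process hollowing / remote code injection.
    for src, dst in sorted(f.memory_writes):
        if parent_of.get(dst) == src:
            f.child_injection.append((src, dst, image_of.get(src, "?"), image_of.get(dst, "?")))
    return f


if __name__ == "__main__":
    res = analyse(SAMPLE_IOCS, SAMPLE_PROCESSES)
    print("geofence registry lookup by:", sorted(res.geofence_processes))
    for (src, dst), n in res.memory_writes.items():
        print(f"{src} -> {dst}: {n} WriteProcessMemory call(s)")
    for src, dst, si, di in res.child_injection:
        print(f"possible injection: {si} ({src}) wrote into its own child {di} ({dst})")
```

The parent-to-child correlation is a heuristic, not proof: debuggers and some legitimate loaders also write into children they create, so treat the flag as a reason to dump the child's memory and compare it with lossy.exe on disk rather than as a verdict on its own.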
Network
MITRE ATT&CK Enterprise v6
Downloads
Filesize: 46KB
MD5: dcf0088d67b1efe35f81b872be83ea5d
SHA1: db8c7a3625ee58f37af09cf9d369851b87efe081
SHA256: 9f2567a9619f33a85968eb691eaf5dde7f19462136e6abae9eb37ceea287431e
SHA512: 78e1e3f58ddf15e1afd840ecf63d4aad2c0df51b2eeb1bfef8ba00e5b97ed55d65bc6d0e51b9769bd214768ef1004a653eaa2f69288685e614226fe576c503f8