Analysis
max time kernel: 150s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64 arch:x86 image:win10v2004-20230703-en locale:en-us os:windows10-2004-x64 system
submitted: 09/07/2023, 08:02
Static task: static1
Behavioral task: behavioral1
  Sample: 9fdb73744323cbexeexeexeex.exe
  Resource: win7-20230703-en
Behavioral task: behavioral2
  Sample: 9fdb73744323cbexeexeexeex.exe
  Resource: win10v2004-20230703-en
General
Target: 9fdb73744323cbexeexeexeex.exe
Size: 26KB
MD5: 9fdb73744323cb9da571bfd884162602
SHA1: 117a1e29023f5ca0f22dbe65491ee6a308924b1b
SHA256: 45d0896cc87cf7edadcf12f2b2b872903f1de6ace18e228f8036472bf81060e2
SHA512: cd972760ef70a35d75d0b4c118ccee0407248d157eb023553a2f09fa6150dc4a9b0dbe541cb583ed25e6ce8400891a058a775c8b16c23d86705cdd8fd1ad04d9
SSDEEP: 384:bIDl1ovmXAw9PMDREhi9OUSPlRxMc/cip7IAfjDb4YWV:bIDOw9UiaCHfjnIV
Malware Config
Signatures

Checks computer location settings (2 TTPs, 1 IoC)
Looks up the country code configured in the registry, likely for geofencing.
  Key value queried: \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Control Panel\International\Geo\Nation
  Process: 9fdb73744323cbexeexeexeex.exe

Executes dropped EXE (1 IoC)
  PID 4944: lossy.exe

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).
(No IoC rows are listed for this signature.)

Suspicious use of WriteProcessMemory (3 IoCs)
  Three identical rows are recorded:
  description: PID 5044 wrote to memory of 4944
  pid: 5044
  Process: 9fdb73744323cbexeexeexeex.exe
  procid_target: 84
Processes
1. C:\Users\Admin\AppData\Local\Temp\9fdb73744323cbexeexeexeex.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\9fdb73744323cbexeexeexeex.exe"
   PID: 5044
   - Checks computer location settings
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\lossy.exe (child of PID 5044)
      Command line: "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
      PID: 4944
      - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v6
Downloads
Filesize: 27KB
MD5: fd0a2276db2ad4d89402facd464440b4
SHA1: 1ab93f5f62edc8882d1cb2b96b948b8ff3ae8829
SHA256: a10276a270b934e4e399cbd9f451d150624491db4a2cfa1f37d0731fbeb825f4
SHA512: 0b4120a2ae2a1156aa8c0e9cc19d3f9b130cab7c278b157664ef71ad72f48343b0bede47794c0712e8c6584d2bb26a2695973b4cf70f5e0991ece894b61f91eb