Analysis
- max time kernel: 150s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20230703-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19/07/2023, 12:55
Static task: static1
Behavioral task: behavioral1
- Sample: e4d2e92c353700exe_JC.exe
- Resource: win7-20230712-en
Behavioral task: behavioral2
- Sample: e4d2e92c353700exe_JC.exe
- Resource: win10v2004-20230703-en
General
- Target: e4d2e92c353700exe_JC.exe
- Size: 145KB
- MD5: e4d2e92c3537005e6676c5eb82aa00b6
- SHA1: 3437a8e1d71154788c4b32ab1f0268ea478ba520
- SHA256: 690f2b0a004abf7312b0990776ff921f3a8cf67ed52d3d1bac791bea1a121fae
- SHA512: dcc3558fbd200c58d2eb1cecf41aef8ec856de6011f0ff43a7f1972f865aff0c6c661d97b6bd688b3ca800c1f519f6488878f820108da3057d7a9d48660960b9
- SSDEEP: 1536:V6QFElP6n+gMQMOtEvwDpjQGYQbxGYQbxGYQbPlooND:V6a+pOtEvwDpjt22v
Malware Config
Signatures
- Checks computer location settings (2 TTPs, 1 IoC)
  Looks up the country code configured in the registry, likely a geofence check.
  IoC: key value queried: \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Control Panel\International\Geo\Nation, process: e4d2e92c353700exe_JC.exe
- Executes dropped EXE (1 IoC)
  IoC: PID 3352, process: asih.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (3 IoCs)
  IoC: PID 3660 (e4d2e92c353700exe_JC.exe) wrote to memory of PID 3352 (procid_target 84); the same write is recorded three times
Processes
- C:\Users\Admin\AppData\Local\Temp\e4d2e92c353700exe_JC.exe (PID 3660)
  Command line: "C:\Users\Admin\AppData\Local\Temp\e4d2e92c353700exe_JC.exe"
  Signatures: Checks computer location settings; Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\asih.exe (PID 3352, child of 3660)
    Command line: "C:\Users\Admin\AppData\Local\Temp\asih.exe"
    Signatures: Executes dropped EXE
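The three behavioural signatures above and the two-process tree they were raised on can be reproduced with a small rule engine. The following is an added example, not code from the tria.ge report or from the Hatching Triage engine: it replays a constructed event stream modelled on the report (the sample spawning the dropped asih.exe and writing into it three times, plus two control events that must not fire) and reports the same signature names and IoC counts. The Event schema, the outer parent PID 1234, the control PID 900 and the second registry key are assumptions made for the example.

```python
# Added example (not part of the tria.ge report): a minimal re-implementation of the
# three behavioural signatures the report fired ("Checks computer location settings",
# "Executes dropped EXE", "Suspicious use of WriteProcessMemory"), run over a
# constructed event stream that mirrors the reported process tree.  The Event
# schema, parent PID 1234, control PID 900 and the extra registry key are assumptions.
from dataclasses import dataclass

# HKCU\Control Panel\International\Geo\Nation holds the GeoID the user configured;
# a geofence check reads it to decide whether to run in this country.
GEO_NATION_SUFFIX = r"\control panel\international\geo\nation"

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\e4d2e92c353700exe_JC.exe"
DROPPED = r"C:\Users\Admin\AppData\Local\Temp\asih.exe"
NATION_KEY = (r"\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000"
              r"\Control Panel\International\Geo\Nation")


@dataclass
class Event:
    kind: str          # process_create | file_write | registry_query | write_process_memory
    pid: int           # acting process
    image: str = ""    # image path (process_create only)
    ppid: int = 0      # parent pid (process_create only)
    target: str = ""   # written file, registry key path, or target pid as a string


def detect(events):
    """Replay the event stream and return the fired signatures with their IoCs."""
    findings = {"checks_location": [], "executes_dropped_exe": [], "writes_child_memory": []}
    written = {}   # lowercase file path -> pid that wrote it during this run
    procs = {}     # pid -> ppid
    for ev in events:
        if ev.kind == "process_create":
            procs[ev.pid] = ev.ppid
            writer = written.get(ev.image.lower())
            # Only a file written by a process seen in this run counts as "dropped".
            if writer is not None:
                findings["executes_dropped_exe"].append((writer, ev.pid, ev.image))
        elif ev.kind == "file_write":
            written[ev.target.lower()] = ev.pid
        elif ev.kind == "registry_query":
            if ev.target.lower().endswith(GEO_NATION_SUFFIX):
                findings["checks_location"].append((ev.pid, ev.target))
        elif ev.kind == "write_process_memory":
            target_pid = int(ev.target)
            # Writing into a child you just spawned is the hollowing/injection pattern;
            # writes into unrelated processes are deliberately not counted by this rule.
            if procs.get(target_pid) == ev.pid:
                findings["writes_child_memory"].append((ev.pid, target_pid))
    return findings


def summary(findings):
    """Signature name -> IoC count, in the style of the report headings."""
    names = {"checks_location": "Checks computer location settings",
             "executes_dropped_exe": "Executes dropped EXE",
             "writes_child_memory": "Suspicious use of WriteProcessMemory"}
    return {names[k]: len(v) for k, v in findings.items() if v}


# Constructed events; the order mirrors the report (spawn, registry read, drop, child, 3 writes).
CONSTRUCTED_EVENTS = [
    Event("process_create", pid=3660, image=SAMPLE, ppid=1234),
    Event("registry_query", pid=3660, target=NATION_KEY),
    # Control: an unrelated key must not trigger the location signature.
    Event("registry_query", pid=3660,
          target=r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"),
    Event("file_write", pid=3660, target=DROPPED),
    Event("process_create", pid=3352, image=DROPPED, ppid=3660),
    Event("write_process_memory", pid=3660, target="3352"),
    Event("write_process_memory", pid=3660, target="3352"),
    Event("write_process_memory", pid=3660, target="3352"),
    # Control: a process that did not spawn the sample writing into it must not fire the child rule.
    Event("write_process_memory", pid=900, target="3660"),
]

if __name__ == "__main__":
    for name, count in summary(detect(CONSTRUCTED_EVENTS)).items():
        print(f"{name}: {count} IoC(s)")
```

Run as-is it prints the three signature names with counts 1, 1 and 3, matching the report. The "Enumerates physical storage devices" TTP is omitted because the report records no IoC for it, so there is nothing concrete to match on.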
Network
MITRE ATT&CK Enterprise v6
Downloads
- Filesize: 145KB
  MD5: f0250f4b43969bb07febdfe9111f3b36
  SHA1: 2b9eb532628a45453b7671eab31f15b4a5103b4e
  SHA256: 9782e3f6523e0442b542e0c1ce86f925d167979129436be33d2d32c72b36c1a3
  SHA512: cc0ca489877af0b2efd572686a29bee0ce6607da7f0a53fe4a285a78affb29f2ec9d0eb3fc7825b03b0cf313f79bf2455c8e56863775619324da92e04b469e2f