Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
143s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system -
submitted
23/07/2023, 19:11
Static task
static1
Behavioral task
behavioral1
Sample
NA_NA_29f273fef8722fexeexe_JC.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
NA_NA_29f273fef8722fexeexe_JC.exe
Resource
win10v2004-20230703-en
General
-
Target
NA_NA_29f273fef8722fexeexe_JC.exe
-
Size
31KB
-
MD5
29f273fef8722f329a6542787e3e4509
-
SHA1
f78f91f680588fe79bc33db2c0b9083d249fdfdd
-
SHA256
1296c5c816e15e7238e77b6f563bed4c9e1b4aa38efbc62d9e90c93753dc411b
-
SHA512
ad835e6fcfecfa03beb811a4e552151cc73ad446867c11c33ab94b412d14fe0a1844c8b6bc199e93233fa282272a4e8349b07cc82bce5de308f29f145e20099e
-
SSDEEP
384:bmM0V/YPvnr801TRoUGPh4TKt6ATt1DqgPa3s/zzoi0WlLYZAM9BWixK:b7o/2n1TCraU6GD1a4X0WlK59xK
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\International\Geo\Nation NA_NA_29f273fef8722fexeexe_JC.exe -
Executes dropped EXE 1 IoCs
pid Process 2968 rewok.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3408 wrote to memory of 2968 3408 NA_NA_29f273fef8722fexeexe_JC.exe 87 PID 3408 wrote to memory of 2968 3408 NA_NA_29f273fef8722fexeexe_JC.exe 87 PID 3408 wrote to memory of 2968 3408 NA_NA_29f273fef8722fexeexe_JC.exe 87
Processes
-
C:\Users\Admin\AppData\Local\Temp\NA_NA_29f273fef8722fexeexe_JC.exe"C:\Users\Admin\AppData\Local\Temp\NA_NA_29f273fef8722fexeexe_JC.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3408 -
C:\Users\Admin\AppData\Local\Temp\rewok.exe"C:\Users\Admin\AppData\Local\Temp\rewok.exe"2⤵
- Executes dropped EXE
PID:2968
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
32KB
MD5a08215adc9718a7c189f8f0fbbae23ae
SHA12afd32a4766749a1e491f6eb949f814f142813c7
SHA2563a64a287d85485809dc5d8aa642a2dce375f66a3d7bfe4c9dff3af07cddbbc40
SHA512be730a5c8aa40a4034674e4a9896312c41b63f8277d29f241e711369286366ab20df43f0ee87973d01a5c6f998c7d80498c2287179a288b7ba319f6a05b69892
-
Filesize
32KB
MD5a08215adc9718a7c189f8f0fbbae23ae
SHA12afd32a4766749a1e491f6eb949f814f142813c7
SHA2563a64a287d85485809dc5d8aa642a2dce375f66a3d7bfe4c9dff3af07cddbbc40
SHA512be730a5c8aa40a4034674e4a9896312c41b63f8277d29f241e711369286366ab20df43f0ee87973d01a5c6f998c7d80498c2287179a288b7ba319f6a05b69892
-
Filesize
32KB
MD5a08215adc9718a7c189f8f0fbbae23ae
SHA12afd32a4766749a1e491f6eb949f814f142813c7
SHA2563a64a287d85485809dc5d8aa642a2dce375f66a3d7bfe4c9dff3af07cddbbc40
SHA512be730a5c8aa40a4034674e4a9896312c41b63f8277d29f241e711369286366ab20df43f0ee87973d01a5c6f998c7d80498c2287179a288b7ba319f6a05b69892