Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
31/08/2023, 10:56
General
-
Target
PAYMENT COPY.exe
-
Size
517KB
-
MD5
07777ab79429d89e895fec96ff50b278
-
SHA1
5213f0cd557ba8f2ccb393ae2d97ca8d277195db
-
SHA256
4a63fd45dcc97cf19892173f6101ff932109f8e3c382db28ea077c63a65f203d
-
SHA512
dfa96457b683593147909eb03377fa9354a793243dc2facd82f19cd479f9ef57bdf644c0988ee8a169bba8591ad5daffeb3ff517c811285179765ba3eed6199a
-
SSDEEP
12288:WYePZVDtcv1rthwf4qxe4ChulTtvEHjTB2ZeauKH:WY0ZVZwSxPChSVEHZ5au8
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 2 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 62 IoCs
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\PAYMENT COPY.exe"C:\Users\Admin\AppData\Local\Temp\PAYMENT COPY.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\rojadledpv.exe"C:\Users\Admin\AppData\Local\Temp\rojadledpv.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\rojadledpv.exe"C:\Users\Admin\AppData\Local\Temp\rojadledpv.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
220KB
MD56716e8f9d36a91096ed45332842d1707
SHA119b4bb0e18148713be481ec3c83bfa429231228a
SHA256736f87ffc730e21071bb6806747cbba2d939190b4437b3639c00610f6cb88fb9
SHA512df70612e1c4cb98f0d3db5cd40457cd6ad4e94554d504bda1d8da3960ad9ae042731dd20441fec69780b142d93fe2a6f3f766d1cc939fff04c7ec9a632b9fc85
-
Filesize
181KB
MD5101b890591f29885e061a03c198c6a5b
SHA1b137ea84a338ebb1c66ee5bf8c43f93c98358d47
SHA2561d2bbd30dc122cca8e22dd97f5796f97eb96ec4d1299a15e07139151e7be95ee
SHA512cc98cf85d5ab35ccbe3de7a78b7ed2a9d4f56f479b66bd5ef1d9243fef7282390537357fd36511ec50932f176a2ce9f41ec7dd465ef47a07b11b9de00345dc8b
-
Filesize
181KB
MD5101b890591f29885e061a03c198c6a5b
SHA1b137ea84a338ebb1c66ee5bf8c43f93c98358d47
SHA2561d2bbd30dc122cca8e22dd97f5796f97eb96ec4d1299a15e07139151e7be95ee
SHA512cc98cf85d5ab35ccbe3de7a78b7ed2a9d4f56f479b66bd5ef1d9243fef7282390537357fd36511ec50932f176a2ce9f41ec7dd465ef47a07b11b9de00345dc8b
-
Filesize
181KB
MD5101b890591f29885e061a03c198c6a5b
SHA1b137ea84a338ebb1c66ee5bf8c43f93c98358d47
SHA2561d2bbd30dc122cca8e22dd97f5796f97eb96ec4d1299a15e07139151e7be95ee
SHA512cc98cf85d5ab35ccbe3de7a78b7ed2a9d4f56f479b66bd5ef1d9243fef7282390537357fd36511ec50932f176a2ce9f41ec7dd465ef47a07b11b9de00345dc8b
-
Filesize
200KB
-
Filesize
3.3MB
-
Filesize
200KB
-
Filesize
8KB