Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
166s -
max time network
181s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
11/10/2023, 22:54
General
-
Target
0002455510da982d0474ed8aaf5f7756_JC.exe
-
Size
420KB
-
MD5
0002455510da982d0474ed8aaf5f7756
-
SHA1
56c9d904830c86e6a830b88d5e3e254fc7c3fb76
-
SHA256
68ff6814dafe9fd6bd25e9b4c2f35417d3b6574ae2fecd069163e1d4c65b5c73
-
SHA512
a45cc05a91c1a3e57d584b5c8cd535fe65773be5e41d85659b0b28d2cc0c0475dfa16500ccbde1d41cebf394f1f07c92ec00816d7229571ffa04f3d49d5805c8
-
SSDEEP
6144:gdspDeDrxkg/vrMuJIgwhEFHyOrJcX/Pgqwzm5IzkWjS4e4azExBKO1t4Kb70Nqx:G8kxNhOZElO5kkWjhD4AF
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Modifies system executable filetype association 2 TTPs 3 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 17 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Program Files directory 2 IoCs
-
Modifies registry class 15 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0002455510da982d0474ed8aaf5f7756_JC.exe"C:\Users\Admin\AppData\Local\Temp\0002455510da982d0474ed8aaf5f7756_JC.exe"1⤵
- Modifies system executable filetype association
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files\VPCY.EXE"C:\Program Files\VPCY.EXE"2⤵
- Executes dropped EXE
- Modifies system executable filetype association
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Change Default File Association
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
421KB
MD5eff7e1843ce9a5c6c16df71c3ec24a45
SHA1ca99bf9be498609032743f315d7332216309cc4b
SHA2567e638e4f4bd190afec90ae0be9fce3fb9c1f25443df219aecb10df70e5f62f6b
SHA5126e82d1044c3449e9bb6e1386e85db89dbf46be2335f5f82629d0cf41a38d3e336fd61d2652065f41e31a3d5f5f5b6eedd8225a40ba9f6792bf4e9fa7a29afde0
-
Filesize
421KB
MD5eff7e1843ce9a5c6c16df71c3ec24a45
SHA1ca99bf9be498609032743f315d7332216309cc4b
SHA2567e638e4f4bd190afec90ae0be9fce3fb9c1f25443df219aecb10df70e5f62f6b
SHA5126e82d1044c3449e9bb6e1386e85db89dbf46be2335f5f82629d0cf41a38d3e336fd61d2652065f41e31a3d5f5f5b6eedd8225a40ba9f6792bf4e9fa7a29afde0
-
Filesize
421KB
MD525498238bb2c8915f63c50fa4f7c448c
SHA1c947608aea232f99a6a75b8b7772b3e72a9a108b
SHA256df753e898fa55cb8caf0887589230ba8226206b9aa89197bde4ae13f2be1f08c
SHA512882db70dddd0ba4d3c2215d4eaf52171b0ebd046fbd4c2d1bb28319c975ffa25ee3e182fb9fa9aa6739657ff7fba659885946655d874cb9912f225ee0fb67ff6
-
Filesize
281B
MD581adfc46b1e284128ab9b8c2071466f0
SHA14c2e291d56bd79612f39a3285f29591a3f9a47e1
SHA256e8e3e0b6ed3a9ca972594c32066f076307f0a868572d31f71c71edb304d76fd7
SHA51297ab16e04c5b86fec4015dd4fa10845dc151b7f93ec0675e74e4b457808fa4b2565fc24248a74064f9fa11a2ee4b9f4a1695a811ce5984b84fd33433ab954978
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB