Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system -
submitted
12/10/2023, 13:47
Static task
static1
Behavioral task
behavioral1
Sample
8ccc7f360a61a4529ec4463e67257fb045425e72db6cb01ed438646ae82d1b53.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
8ccc7f360a61a4529ec4463e67257fb045425e72db6cb01ed438646ae82d1b53.exe
Resource
win10v2004-20230915-en
General
-
Target
8ccc7f360a61a4529ec4463e67257fb045425e72db6cb01ed438646ae82d1b53.exe
-
Size
812KB
-
MD5
783263a5157b9d5cb70335625e0d5450
-
SHA1
e42497fdd47c2b5a76465df12ff257c17c9882e0
-
SHA256
8ccc7f360a61a4529ec4463e67257fb045425e72db6cb01ed438646ae82d1b53
-
SHA512
137d01b3e7f7d9943b9bedde4fec555d0ec9e5f91c9d49eaf69d3bcc959fb27342a5a0d4864ab12e1b0efbae7971e5b6a6ee307e61545e0fe7b6ede6f6b1988b
-
SSDEEP
12288:9qmytVdB0rPEDb3kCoI641jxy7GHEX2rnAv8MktrOKxp22CMOZ/1Sq:9qxtVfNDb31oT41+aneOrO4p2zMOZ/V
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 4348 1E0F0B0F120C156A155F15F0D0F160E0E160F.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
pid Process 2776 8ccc7f360a61a4529ec4463e67257fb045425e72db6cb01ed438646ae82d1b53.exe 4348 1E0F0B0F120C156A155F15F0D0F160E0E160F.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2776 wrote to memory of 4348 2776 8ccc7f360a61a4529ec4463e67257fb045425e72db6cb01ed438646ae82d1b53.exe 82 PID 2776 wrote to memory of 4348 2776 8ccc7f360a61a4529ec4463e67257fb045425e72db6cb01ed438646ae82d1b53.exe 82 PID 2776 wrote to memory of 4348 2776 8ccc7f360a61a4529ec4463e67257fb045425e72db6cb01ed438646ae82d1b53.exe 82
Processes
-
C:\Users\Admin\AppData\Local\Temp\8ccc7f360a61a4529ec4463e67257fb045425e72db6cb01ed438646ae82d1b53.exe"C:\Users\Admin\AppData\Local\Temp\8ccc7f360a61a4529ec4463e67257fb045425e72db6cb01ed438646ae82d1b53.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:2776 -
C:\Users\Admin\AppData\Local\Temp\1E0F0B0F120C156A155F15F0D0F160E0E160F.exeC:\Users\Admin\AppData\Local\Temp\1E0F0B0F120C156A155F15F0D0F160E0E160F.exe2⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:4348
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
812KB
MD5578b018df79cb8a2335b986af40e45c8
SHA1a8a7f5d3e7c1f86d3424c8836e1f831c61243d56
SHA2564958c4e4240b99690039c10b7775d75f58236e356ce6978bdb9c3481350136d7
SHA512303231343015c7e501cd94984765c7c1c876cc5939cc5ad8e0ac2c889ec188a5f626b33ab76de6f3f3c259d8122ce0abd17486f5b2ec8133ffb8079cc32d8fb6
-
Filesize
812KB
MD5578b018df79cb8a2335b986af40e45c8
SHA1a8a7f5d3e7c1f86d3424c8836e1f831c61243d56
SHA2564958c4e4240b99690039c10b7775d75f58236e356ce6978bdb9c3481350136d7
SHA512303231343015c7e501cd94984765c7c1c876cc5939cc5ad8e0ac2c889ec188a5f626b33ab76de6f3f3c259d8122ce0abd17486f5b2ec8133ffb8079cc32d8fb6