Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
169s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system -
submitted
28/10/2023, 19:43
Static task
static1
Behavioral task
behavioral1
Sample
35e6903f50ac0a868fcb2862ffc626a4f0571161ac1c01560dd0424a02044e07.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
35e6903f50ac0a868fcb2862ffc626a4f0571161ac1c01560dd0424a02044e07.exe
Resource
win10v2004-20231020-en
General
-
Target
35e6903f50ac0a868fcb2862ffc626a4f0571161ac1c01560dd0424a02044e07.exe
-
Size
816KB
-
MD5
776349986584ddfab084409ad9071d11
-
SHA1
0319e8f8522c8c1be53b8ec81e289a2a37fdda7a
-
SHA256
35e6903f50ac0a868fcb2862ffc626a4f0571161ac1c01560dd0424a02044e07
-
SHA512
f68f93ca85cbbff950339a07e325d1c47f174e3facd88e016b99d5c7e76aec215e0036d2a08eb4a90cadc2ff2dc17d6ee4f7d534714290706fe2d86d56bcd7c5
-
SSDEEP
24576:MY4G2qLMJalsnqShyoo77lUabuSvbDQOOdIxJsG9R:h3XZynV4oDabuWbDQOcIxJJ9R
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 3288 1B0F0D0D120E156E155F15F0D0A160E0F160E.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
pid Process 2876 35e6903f50ac0a868fcb2862ffc626a4f0571161ac1c01560dd0424a02044e07.exe 3288 1B0F0D0D120E156E155F15F0D0A160E0F160E.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2876 wrote to memory of 3288 2876 35e6903f50ac0a868fcb2862ffc626a4f0571161ac1c01560dd0424a02044e07.exe 88 PID 2876 wrote to memory of 3288 2876 35e6903f50ac0a868fcb2862ffc626a4f0571161ac1c01560dd0424a02044e07.exe 88 PID 2876 wrote to memory of 3288 2876 35e6903f50ac0a868fcb2862ffc626a4f0571161ac1c01560dd0424a02044e07.exe 88
Processes
-
C:\Users\Admin\AppData\Local\Temp\35e6903f50ac0a868fcb2862ffc626a4f0571161ac1c01560dd0424a02044e07.exe"C:\Users\Admin\AppData\Local\Temp\35e6903f50ac0a868fcb2862ffc626a4f0571161ac1c01560dd0424a02044e07.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:2876 -
C:\Users\Admin\AppData\Local\Temp\1B0F0D0D120E156E155F15F0D0A160E0F160E.exeC:\Users\Admin\AppData\Local\Temp\1B0F0D0D120E156E155F15F0D0A160E0F160E.exe2⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:3288
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
816KB
MD5f7ac2cc0dc9accbda575d1c0bae31b53
SHA1bfd2edce9562ee7f50b59c833e9895e692046317
SHA256276a2262d6a4fdf8a1106e4c9b1d0d311020bd4ac09c0570fbf9c8217c6fd529
SHA512d7614b6aa1e715cedb57cd8861f5391181447f14dbcb04da1e594a1983183980e25b304a71ed72e262b07a4aae436ca9ba3fa82b8976a0bf64604a570d990c8e
-
Filesize
816KB
MD5f7ac2cc0dc9accbda575d1c0bae31b53
SHA1bfd2edce9562ee7f50b59c833e9895e692046317
SHA256276a2262d6a4fdf8a1106e4c9b1d0d311020bd4ac09c0570fbf9c8217c6fd529
SHA512d7614b6aa1e715cedb57cd8861f5391181447f14dbcb04da1e594a1983183980e25b304a71ed72e262b07a4aae436ca9ba3fa82b8976a0bf64604a570d990c8e