Analysis
- max time kernel: 137s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20231023-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07/11/2023, 01:36
Static task: static1
Behavioral task: behavioral1
- Sample: 2b7ed6be5883702cf47860d45fcd2880.exe
- Resource: win7-20231020-en
Behavioral task: behavioral2
- Sample: 2b7ed6be5883702cf47860d45fcd2880.exe
- Resource: win10v2004-20231023-en
General
- Target: 2b7ed6be5883702cf47860d45fcd2880.exe
- Size: 34KB
- MD5: 2b7ed6be5883702cf47860d45fcd2880
- SHA1: bd996c906eb3563990df45885a271a8ef6da9071
- SHA256: 21672a4942eee03dda4b122d648eeb34eac5dc1505feb7099bbb0ad6dbb93e4e
- SHA512: f295cd8526ccf1a8f6bce61cc7221265edf058fb14ec1d9eb6d1e44f010f91ad70b540457ae0f996d700f344d5a523f5983e6c11f915a22099be356dd1fa1622
- SSDEEP: 384:diiR7nP2nwR2F9inJvOB4MajnTHDSIcnMc:diiR7nPowRfJmBu/HDSBnMc
Malware Config
Signatures
- Checks computer location settings (2 TTPs, 1 IoC)
  Looks up country code configured in the registry, likely geofence.
  description: Key value queried
  ioc: \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Control Panel\International\Geo\Nation
  Process: 2b7ed6be5883702cf47860d45fcd2880.exe
- Executes dropped EXE (1 IoC)
  pid: 1868
  Process: hummy.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 4812 wrote to memory of 1868 | pid: 4812 | Process: 2b7ed6be5883702cf47860d45fcd2880.exe | procid_target: 91
  description: PID 4812 wrote to memory of 1868 | pid: 4812 | Process: 2b7ed6be5883702cf47860d45fcd2880.exe | procid_target: 91
  description: PID 4812 wrote to memory of 1868 | pid: 4812 | Process: 2b7ed6be5883702cf47860d45fcd2880.exe | procid_target: 91
Processes
- C:\Users\Admin\AppData\Local\Temp\2b7ed6be5883702cf47860d45fcd2880.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2b7ed6be5883702cf47860d45fcd2880.exe"
  PID: 4812
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\hummy.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\hummy.exe"
    PID: 1868
    - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 34KB
  MD5: ee5a73a356a442508cfd069324eb5144
  SHA1: 35f4443ac0105b10a4ffbb9f406b373f1cd1583a
  SHA256: 67d189d41c4f3d8e7a855a8080554a734d96630f5f47138a4e7137d927d32130
  SHA512: 880943bf19fe18a9d6d026b5402b50c2b77a438d3ff12501f1b2db9914b39bf14618a953f91943b3ab0adac783197c15cf87cc23e73a6ff54be51c184dc9e1b3