Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
143s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system -
submitted
21/11/2023, 21:58
Static task
static1
Behavioral task
behavioral1
Sample
4fcc9a64d586c6534eaceb5935e38e20c96881e4e90fc29fbbb46c9bdc4e5116.exe
Resource
win7-20231025-en
Behavioral task
behavioral2
Sample
4fcc9a64d586c6534eaceb5935e38e20c96881e4e90fc29fbbb46c9bdc4e5116.exe
Resource
win10v2004-20231023-en
General
-
Target
4fcc9a64d586c6534eaceb5935e38e20c96881e4e90fc29fbbb46c9bdc4e5116.exe
-
Size
816KB
-
MD5
aac316903de887646b41713942062cd2
-
SHA1
3a9875685d6e4fa4a45352d3556c6cf8c3818fb5
-
SHA256
4fcc9a64d586c6534eaceb5935e38e20c96881e4e90fc29fbbb46c9bdc4e5116
-
SHA512
8384334b1b9686c3a3d1fbc28f2f1ed6ebf41bec86fc5262bf4531db70304916a4d24e461a54eb17b6aa21cc41c4f1a5187d090d0a3d3b882cc745715ecf8b04
-
SSDEEP
24576:pY4G2qLMJalsnqShyoo77lUabuSvbDQOOdIxJsG9+:G3XZynV4oDabuWbDQOcIxJJ9+
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2896 1B0E0F0D120D156F155A15E0F0F160E0B160C.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
pid Process 2624 4fcc9a64d586c6534eaceb5935e38e20c96881e4e90fc29fbbb46c9bdc4e5116.exe 2896 1B0E0F0D120D156F155A15E0F0F160E0B160C.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2624 wrote to memory of 2896 2624 4fcc9a64d586c6534eaceb5935e38e20c96881e4e90fc29fbbb46c9bdc4e5116.exe 88 PID 2624 wrote to memory of 2896 2624 4fcc9a64d586c6534eaceb5935e38e20c96881e4e90fc29fbbb46c9bdc4e5116.exe 88 PID 2624 wrote to memory of 2896 2624 4fcc9a64d586c6534eaceb5935e38e20c96881e4e90fc29fbbb46c9bdc4e5116.exe 88
Processes
-
C:\Users\Admin\AppData\Local\Temp\4fcc9a64d586c6534eaceb5935e38e20c96881e4e90fc29fbbb46c9bdc4e5116.exe"C:\Users\Admin\AppData\Local\Temp\4fcc9a64d586c6534eaceb5935e38e20c96881e4e90fc29fbbb46c9bdc4e5116.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:2624 -
C:\Users\Admin\AppData\Local\Temp\1B0E0F0D120D156F155A15E0F0F160E0B160C.exeC:\Users\Admin\AppData\Local\Temp\1B0E0F0D120D156F155A15E0F0F160E0B160C.exe2⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:2896
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
816KB
MD5892cf3b00cceee1cdf8480d302c59cfa
SHA16794012581ba47e5e79d831a0d5c9b8e8166f636
SHA25661afc5e9dedb482ef9210f4dc4d5e986b02d8b1461f909b1aeae375d286b4b06
SHA51294d18e9abfd32375b603cf359566e5a3aac4ec5acaf8e51b5bdd2929ceb9fc8f3edf9f4a69fbb7d8e7a9ce3eea693370e232081c12bb2b292a0fe3893d7230b0
-
Filesize
816KB
MD5892cf3b00cceee1cdf8480d302c59cfa
SHA16794012581ba47e5e79d831a0d5c9b8e8166f636
SHA25661afc5e9dedb482ef9210f4dc4d5e986b02d8b1461f909b1aeae375d286b4b06
SHA51294d18e9abfd32375b603cf359566e5a3aac4ec5acaf8e51b5bdd2929ceb9fc8f3edf9f4a69fbb7d8e7a9ce3eea693370e232081c12bb2b292a0fe3893d7230b0