Analysis
max time kernel: 139s
max time network: 146s
platform: windows10-2004_x64
resource: win10v2004-20231127-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231127-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08/12/2023, 02:23
Behavioral task behavioral1
Sample: b00129319feaa8f96585b492645dce0c1a454f39ba8de6b54edeb816e529d1e4.exe
Resource: win7-20231023-en
Behavioral task behavioral2
Sample: b00129319feaa8f96585b492645dce0c1a454f39ba8de6b54edeb816e529d1e4.exe
Resource: win10v2004-20231127-en
General
Target: b00129319feaa8f96585b492645dce0c1a454f39ba8de6b54edeb816e529d1e4.exe
Size: 903KB
MD5: 2083b5d00811bbe0511bae9558aaafa5
SHA1: 751894715369037f8219bf7be2435c3f5e27e78f
SHA256: b00129319feaa8f96585b492645dce0c1a454f39ba8de6b54edeb816e529d1e4
SHA512: f683bdc6498973205bfff8e4727ecfe4871b3ccf7999267a1b84a538c007bb31355415e9deb367a2160b46b8311ac6fdb080fe8d4cb6b4481826a9cdc435f2ed
SSDEEP: 12288:4Gd4qIuUY0lW/+0d7dG1lFlWcYT70pxnnaaoawiRVcTqSA+9rZNrI0AilFEvxHv7:8qd4MROxnFrLqrZlI0AilFEvxHicKe
Malware Config
Signatures
Drops desktop.ini file(s) (2 IoCs)
description | ioc | Process
File created | C:\Windows\assembly\Desktop.ini | b00129319feaa8f96585b492645dce0c1a454f39ba8de6b54edeb816e529d1e4.exe
File opened for modification | C:\Windows\assembly\Desktop.ini | b00129319feaa8f96585b492645dce0c1a454f39ba8de6b54edeb816e529d1e4.exe

Drops file in Windows directory (3 IoCs)
description | ioc | Process
File created | C:\Windows\assembly\Desktop.ini | b00129319feaa8f96585b492645dce0c1a454f39ba8de6b54edeb816e529d1e4.exe
File opened for modification | C:\Windows\assembly\Desktop.ini | b00129319feaa8f96585b492645dce0c1a454f39ba8de6b54edeb816e529d1e4.exe
File opened for modification | C:\Windows\assembly | b00129319feaa8f96585b492645dce0c1a454f39ba8de6b54edeb816e529d1e4.exe

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 4904 wrote to memory of 4568 | 4904 | b00129319feaa8f96585b492645dce0c1a454f39ba8de6b54edeb816e529d1e4.exe | 92
PID 4904 wrote to memory of 4568 | 4904 | b00129319feaa8f96585b492645dce0c1a454f39ba8de6b54edeb816e529d1e4.exe | 92
PID 4568 wrote to memory of 4216 | 4568 | csc.exe | 93
PID 4568 wrote to memory of 4216 | 4568 | csc.exe | 93
Processes

C:\Users\Admin\AppData\Local\Temp\b00129319feaa8f96585b492645dce0c1a454f39ba8de6b54edeb816e529d1e4.exe (PID 4904)
  Command line: "C:\Users\Admin\AppData\Local\Temp\b00129319feaa8f96585b492645dce0c1a454f39ba8de6b54edeb816e529d1e4.exe"
  - Drops desktop.ini file(s)
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory

  C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe (PID 4568, child of 4904)
    Command line: "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\no00bq6b.cmdline"
    - Suspicious use of WriteProcessMemory

    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe (PID 4216, child of 4568)
      Command line: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1A1C.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC1A1B.tmp"
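The tree above is the compile-at-runtime pattern: the sample, running from the user's Temp directory, invokes the .NET 2.0 C# compiler with a response file (/noconfig /fullpaths @"...cmdline"), and csc.exe in turn spawns cvtres.exe for the Win32 resource. The following is an added example, not part of the tria.ge report, of detection logic that flags this chain on process-creation events. The event records are constructed from the page's process list (PIDs 4904 -> 4568 -> 4216) plus one constructed benign control; the field names (pid, ppid, image, cmdline), the parent PIDs 1000 and 900, and the function names are assumptions, not anything tria.ge exposes.

```python
"""Flag runtime C# compilation (csc.exe driven by a .cmdline response file)
launched from an executable in a user-writable Temp path, as in the process
tree above.

Added example; it is not part of the tria.ge report. The events below are
constructed from the page's process list (PIDs 4904 -> 4568 -> 4216) plus one
constructed benign control (PowerShell Add-Type). Field names (pid, ppid,
image, cmdline) and the parent PIDs 1000 and 900 are assumptions.
"""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\b00129319feaa8f96585b492645dce0c1a454f39ba8de6b54edeb816e529d1e4.exe")
CSC2 = r"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"
CVTRES2 = r"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe"
CSC4 = r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"
PWSH = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

EVENTS = [
    # From the report (ppid 1000 is an assumed launcher, not on the page).
    ProcEvent(4904, 1000, SAMPLE, '"' + SAMPLE + '"'),
    ProcEvent(4568, 4904, CSC2, '"' + CSC2 + '" /noconfig /fullpaths '
              r'@"C:\Users\Admin\AppData\Local\Temp\no00bq6b.cmdline"'),
    ProcEvent(4216, 4568, CVTRES2, CVTRES2 + ' /NOLOGO /READONLY /MACHINE:IX86 '
              r'"/OUT:C:\Users\Admin\AppData\Local\Temp\RES1A1C.tmp" '
              r'"c:\Users\Admin\AppData\Local\Temp\CSC1A1B.tmp"'),
    # Constructed benign control: Add-Type also drives csc.exe with a
    # .cmdline response file, but the parent is powershell.exe in System32.
    ProcEvent(5100, 900, PWSH, "powershell.exe -File build.ps1"),
    ProcEvent(5101, 5100, CSC4, '"' + CSC4 + '" /noconfig /fullpaths '
              r'@"C:\Users\Admin\AppData\Local\Temp\qx1z2a3b.cmdline"'),
]

TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
RESPONSE_FILE_RE = re.compile(r'@"?[^"\s]+\.cmdline"?', re.IGNORECASE)


def _basename(path: str) -> str:
    """Lower-cased final path component of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def is_temp_executable(image: str) -> bool:
    """True for an .exe living under the user's AppData\\Local\\Temp."""
    return image.lower().endswith(".exe") and bool(TEMP_DIR_RE.search(image))


def find_runtime_compilation(events):
    """Return one hit per csc.exe that (a) reads a .cmdline response file and
    (b) was spawned by an executable running from a Temp path. A cvtres.exe
    child is recorded as corroboration but is not required for a hit."""
    by_pid = {e.pid: e for e in events}
    children = {}
    for e in events:
        children.setdefault(e.ppid, []).append(e)

    hits = []
    for e in events:
        if _basename(e.image) != "csc.exe":
            continue
        if not RESPONSE_FILE_RE.search(e.cmdline):
            continue
        parent = by_pid.get(e.ppid)
        if parent is None or not is_temp_executable(parent.image):
            continue  # Visual Studio, MSBuild, Add-Type etc. fall out here
        has_cvtres = any(_basename(c.image) == "cvtres.exe"
                         for c in children.get(e.pid, []))
        hits.append({
            "parent_pid": parent.pid,
            "parent_image": parent.image,
            "csc_pid": e.pid,
            "csc_cmdline": e.cmdline,
            "cvtres_child": has_cvtres,
        })
    return hits


if __name__ == "__main__":
    for hit in find_runtime_compilation(EVENTS):
        print(hit["parent_pid"], "->", hit["csc_pid"],
              "cvtres:", hit["cvtres_child"])
```

Run against the constructed events, the only hit is the report's chain (parent 4904, csc.exe 4568, cvtres.exe child present); the PowerShell control is dropped because its parent is not an executable in Temp. That parent-path check is the part that matters: csc.exe with a .cmdline response file is exactly what Add-Type and any CodeDOM-based application produce, so the compiler invocation on its own is not a signal. In a real pipeline the same logic maps onto Sysmon Event ID 1 or Windows 4688 fields.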
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 1KB
MD5: ac1513352a0b8e2e818c6def4e2e25cc
SHA1: 80228faac95e583d0b58385f461ff637afde9e89
SHA256: eeb8ae9395782d9965d94a67851c9a5668ab82917ec3c207761caebfe66a87c7
SHA512: 7413cb030a3672f3d6b514ac2f97b0e26f73d70fc593d82d185341b0c8ab0ede861d1293a918116cf8e8ba3a2c2179be3492b3ee7e38cef760dcdf09c8e35b1d

Filesize: 76KB
MD5: 895bc5065491b08a8dc49170ed63c058
SHA1: fcc0a53986383a538f3b92fa1d54542f4c8e3a6b
SHA256: 0388820770392f185604dec335b23cc07e59c9a7e0833e9e9470e9bdf18563b2
SHA512: 2773b52612ea50ffc922a4150c1426831b129374429168c16c7451750425fffdd2144e479f0434341232856b2679abb2b184ee439db5e58459a68d86de66e6ca

Filesize: 676B
MD5: 3084b92b6411449fcc69a03a76d37a42
SHA1: 63888f96134efd4764e068dbbf68659cb40114a2
SHA256: dd2ec0fcb32d80086c2b80ca326e2afd959faa63728192b19ef2fa66af11d4b8
SHA512: ba4f02306560ec3db257ff5395a9917e8102ce49777a6bb4506c47088636c7ccbf2c710c9bf87b55b92a8aedf31cd2f5114ec197a9318377869708d04ce89537

Filesize: 208KB
MD5: efcf6b91b1437bd6181ff0f908f493e2
SHA1: 98f36fb1bd89e15233c455d1bc43b04a14208efd
SHA256: 955ec9c67f6f28999cca26269ea6678ed4c8591998b1f184656a92eed151e43c
SHA512: 5d28014dba5caedd91ff1b98cf0bc46485061eb974a77985b10a70e63f73cf215ecf9c93b772f6763f01052dec9e9264db5676b750108ada8a20ef3665b8e315

Filesize: 349B
MD5: 592969598f72e9c37e75186bf47763f1
SHA1: 682a7259e5cb6d9c6186064173cd734faab136c2
SHA256: f50db4edff5018768cb6da061d70c09e27f3854705502182856797245709086d
SHA512: 4737e4b03a4b39d6fd9f38032ed21a9395a38730c2a5f08e58fca62df5aaa69a2513c5b074b1a5face7db9d79fa50c840c0998e47b36dc0e34ea6078b29977b4