Analysis
max time kernel: 92s
max time network: 123s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22/12/2023, 04:23
Behavioral task: behavioral1
Sample: 6334ebbe714e4046930889e01184ed7f.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 6334ebbe714e4046930889e01184ed7f.exe
Resource: win10v2004-20231215-en
General
Target: 6334ebbe714e4046930889e01184ed7f.exe
Size: 462KB
MD5: 6334ebbe714e4046930889e01184ed7f
SHA1: aa31929af08603d9803181deddb42dd6c552d794
SHA256: 17b8efa3de8d805a2b067ffcf9ad9520a43d4e24823f063f1965871ef1066430
SHA512: b190fead5e01c0ea39b5134b3044f6dd1c98b8f932480b4fea22f2f15e7881a7e2aa61bc4875dae7ba2c2663f33542f12a95183cad445db71b80abb767b5c4e9
SSDEEP: 6144:DpesgEdsW4K6o6ccT0ta+QNIIXK0b/VffQDabqlMGK:d8KB60tabDbGMGK
Malware Config
Signatures

Suspicious use of SetThreadContext (1 IoC)
description                          | pid | Process                               | procid_target
PID 212 set thread context of 440    | 212 | 6334ebbe714e4046930889e01184ed7f.exe  | 90

Executes dropped EXE (1 IoC)
pid | Process
440 | 6334ebbe714e4046930889e01184ed7f.xgd

Suspicious use of SetWindowsHookEx (4 IoCs)
pid | Process
212 | 6334ebbe714e4046930889e01184ed7f.exe
212 | 6334ebbe714e4046930889e01184ed7f.exe
440 | 6334ebbe714e4046930889e01184ed7f.xgd
440 | 6334ebbe714e4046930889e01184ed7f.xgd

Suspicious use of WriteProcessMemory (5 IoCs, five identical entries)
description                          | pid | Process                               | procid_target
PID 212 wrote to memory of 440       | 212 | 6334ebbe714e4046930889e01184ed7f.exe  | 90
Processes

1. C:\Users\Admin\AppData\Local\Temp\6334ebbe714e4046930889e01184ed7f.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\6334ebbe714e4046930889e01184ed7f.exe"
   PID: 212
   - Suspicious use of SetThreadContext
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\6334ebbe714e4046930889e01184ed7f.xgd (child of PID 212)
      Command line: C:\Users\Admin\AppData\Local\Temp\6334ebbe714e4046930889e01184ed7f.xgd
      PID: 440
      - Executes dropped EXE
      - Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 32KB
MD5: c11a0674176c85ec9a470078183890b1
SHA1: a7832f31801f0f74ba72a17812170e8ae9bb01b2
SHA256: 2f5be24f5615fba553286172a28ba96b828efae57f656579bed3277dc3e95f9b
SHA512: a3e35b7d696881af3f4c2948ae80eaa1512ef97b498b927e3fcb8233ad0edbec7a788073c22104613966fdf5e374af628a1c0997d2d4fca06387826fe1649995