Analysis
max time kernel: 148s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22/12/2023, 08:05
Static task: static1
Behavioral task: behavioral1
  Sample: 7ba729f6f9dcbaf436232cd4d6d84490.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 7ba729f6f9dcbaf436232cd4d6d84490.exe
  Resource: win10v2004-20231215-en
General
Target: 7ba729f6f9dcbaf436232cd4d6d84490.exe
Size: 3.8MB
MD5: 7ba729f6f9dcbaf436232cd4d6d84490
SHA1: 5246f70f12a925ded1c989667f5d6787c507e9e3
SHA256: 38204cae2ed4108029292fc9e0025744c9696c374bfb01fdf3dbb5bdeb9ba4cb
SHA512: 12d52a8555125bee738dc7f10cdc2414bdec5e5723cb7163311647eb6535f7a3a2330ca272b291007c6fc1cff80d374233034ae92ea572628f438003107f43ef
SSDEEP: 49152:EQFRHrmQG+ZQG+6Re+j+QG+ZQFrmQG+ZQx+ZQ5j+QG+ZQFr8QG+ZQxLQG+ZQG+6s:EcKGT+G3G/I+GHGIGT+G3G/I+GHc
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid   Process
  916   usr.exe
Suspicious use of FindShellTrayWindow (1 IoC)
  pid   Process
  916   usr.exe
Suspicious use of SendNotifyMessage (1 IoC)
  pid   Process
  916   usr.exe
Suspicious use of SetWindowsHookEx (2 IoCs)
  pid   Process
  916   usr.exe
  916   usr.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid    Process                                   procid_target
  PID 2884 wrote to memory of 916   2884   7ba729f6f9dcbaf436232cd4d6d84490.exe   89
  PID 2884 wrote to memory of 916   2884   7ba729f6f9dcbaf436232cd4d6d84490.exe   89
  PID 2884 wrote to memory of 916   2884   7ba729f6f9dcbaf436232cd4d6d84490.exe   89
Processes
1. C:\Users\Admin\AppData\Local\Temp\7ba729f6f9dcbaf436232cd4d6d84490.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\7ba729f6f9dcbaf436232cd4d6d84490.exe"
   PID: 2884
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\usr.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\usr.exe -run C:\Users\Admin\AppData\Local\Temp\7ba729f6f9dcbaf436232cd4d6d84490.exe
      PID: 916
      - Executes dropped EXE
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
      - Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Matrix
Downloads
File 1
  Filesize: 196KB
  MD5: 6d0d98c4f732768181980d215745812c
  SHA1: c3809c67a19b5840a626776fc939473e6304bdf3
  SHA256: cb88e054b40c62f711a4705503df565a38e165ef33ea00afbda1aae681fdcb28
  SHA512: 7eb208eaf3f768c545429d64e6d3bbcf1097c04a92e77730a93f8f96f0ca6278a3a3a11c76e60f032e70ac07c8a6e13fcfbb220ebd80d05dc53930a3c12c9335
File 2
  Filesize: 214KB
  MD5: 33452576940289dfb782ffbf7b11ace2
  SHA1: 0e29116495f524bc87cc64ae4e7be9ce4e446ded
  SHA256: 2d0f2bdf20dafc0b08f609482daa00001f11bb3383f6ebd8806649e6ebf0739d
  SHA512: 2d35110a82e892d3e3b25a3ca8b17cee8245bd95d85322b93554d5c85a18f9ab3a27d116d3f943cd743bb546223da396e6ed9de9c3ce163576dabf2accd5b537