Analysis
max time kernel: 149s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24/12/2023, 22:00
Static task
static1
Behavioral task
behavioral1
Sample
143c4ad0066283f32c23d311e61c02e2.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
143c4ad0066283f32c23d311e61c02e2.exe
Resource
win10v2004-20231215-en
General
Target: 143c4ad0066283f32c23d311e61c02e2.exe
Size: 350KB
MD5: 143c4ad0066283f32c23d311e61c02e2
SHA1: 1ddfc575e32e6a35fdfee7df1bf8947d96c89bc4
SHA256: 5d6441cca42e93d2697dee285c6636a9292dfd8c9e2414aea7ec07b84758d2f4
SHA512: b7daceae7088653a0ddfbd2fa2ed4bd5a89b2f5d9e9e821fda079de467b362e766b6ec287288a9d010ead5be46da32ad8b8126b73ca1e70822e2493e193cbe04
SSDEEP: 6144:T4+FA+BAiMXHQur9MD7Lk9vtXyCLFlINvWLkNGPTd0owmYUUGO56pjPwjw:sW+iMXHknLSvtbDLkNG1w+UG6xw
Malware Config
Signatures
Executes dropped EXE (1 IoCs)
pid | Process
4032 | uninstall.exe

Writes to the Master Boot Record (MBR) (1 TTPs, 2 IoCs)
Bootkits write to the MBR to gain persistence at a level below the operating system.
description | ioc | Process
File opened for modification | \??\PhysicalDrive0 | 143c4ad0066283f32c23d311e61c02e2.exe
File opened for modification | \??\PhysicalDrive0 | uninstall.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | Process
4032 | uninstall.exe
4032 | uninstall.exe

Suspicious use of SetWindowsHookEx (2 IoCs)
pid | Process
4620 | 143c4ad0066283f32c23d311e61c02e2.exe
4032 | uninstall.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 4620 wrote to memory of 4032 | 4620 | 143c4ad0066283f32c23d311e61c02e2.exe | 40
PID 4620 wrote to memory of 4032 | 4620 | 143c4ad0066283f32c23d311e61c02e2.exe | 40
PID 4620 wrote to memory of 4032 | 4620 | 143c4ad0066283f32c23d311e61c02e2.exe | 40
Processes
Level 1: C:\Users\Admin\AppData\Local\Temp\143c4ad0066283f32c23d311e61c02e2.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\143c4ad0066283f32c23d311e61c02e2.exe"
PID: 4620
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

Level 2 (child of PID 4620): C:\Users\Admin\AppData\Local\Temp\uninstall.exe
Command line: C:\Users\Admin\AppData\Local\Temp\uninstall.exe
PID: 4032
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 350KB
MD5: 143c4ad0066283f32c23d311e61c02e2
SHA1: 1ddfc575e32e6a35fdfee7df1bf8947d96c89bc4
SHA256: 5d6441cca42e93d2697dee285c6636a9292dfd8c9e2414aea7ec07b84758d2f4
SHA512: b7daceae7088653a0ddfbd2fa2ed4bd5a89b2f5d9e9e821fda079de467b362e766b6ec287288a9d010ead5be46da32ad8b8126b73ca1e70822e2493e193cbe04