Analysis
max time kernel: 150s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/12/2023, 10:03
Static task: static1
Behavioral task: behavioral1
  Sample: 15dd205f125a17ddc29c65e81a2f667d.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 15dd205f125a17ddc29c65e81a2f667d.exe
  Resource: win10v2004-20231215-en
General
Target: 15dd205f125a17ddc29c65e81a2f667d.exe
Size: 225KB
MD5: 15dd205f125a17ddc29c65e81a2f667d
SHA1: 12476f8703f989e62018c371373e5c4039767bfd
SHA256: e329839e331470138383753f30fb6bae48e7688d45c3db583fdf80a68dbc92b7
SHA512: c0890989c7ff4c40f0320e22599317e513f3a0e0285df601a61de1778cf6652d7ebe80eb1c976a28f8bf3e66da08c2183531c97c6267ca02217b40d29d825394
SSDEEP: 6144:d8KneNc5QyMXkm9tRSJZb5OhX6CrdfONr:qX7vH1SLbUd6cM
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 2132, process Wwodia.exe
- Drops file in Windows directory (6 IoCs)
  File opened for modification: C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job (process 15dd205f125a17ddc29c65e81a2f667d.exe)
  File created: C:\Windows\Wwodia.exe (process 15dd205f125a17ddc29c65e81a2f667d.exe)
  File opened for modification: C:\Windows\Wwodia.exe (process 15dd205f125a17ddc29c65e81a2f667d.exe)
  File created: C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job (process Wwodia.exe)
  File opened for modification: C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job (process Wwodia.exe)
  File created: C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job (process 15dd205f125a17ddc29c65e81a2f667d.exe)
- Enumerates system info in registry (2 TTPs, 2 IoCs)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier (process 15dd205f125a17ddc29c65e81a2f667d.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier (process Wwodia.exe)
- Modifies Internet Explorer settings
  Key created: \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main (process Wwodia.exe)
  Key created: \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\International (process Wwodia.exe)
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid 2132, process Wwodia.exe (the same entry repeated 64 times)
- Suspicious use of WriteProcessMemory (3 IoCs)
  PID 764 wrote to memory of 2132: pid 764, process 15dd205f125a17ddc29c65e81a2f667d.exe, procid_target 91 (3 identical entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\15dd205f125a17ddc29c65e81a2f667d.exe (PID 764)
  Command line: "C:\Users\Admin\AppData\Local\Temp\15dd205f125a17ddc29c65e81a2f667d.exe"
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Suspicious use of WriteProcessMemory
  - C:\Windows\Wwodia.exe (PID 2132, child of PID 764)
    Command line: C:\Windows\Wwodia.exe
    - Executes dropped EXE
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 362B
  MD5: 6a96ce9ad58b1b3fb29181ff3bae9fb9
  SHA1: 8fdea477837330a328358ae5ab01b20156c90db3
  SHA256: 3b854a43f8b5c465f8d8c8dc813583007d5b23a9fab06d6ee30224e4818f072a
  SHA512: ca17b8f72cabf7e9b2398c7862c91687cc6066ca7523092d32bfb3ff7acdd14c508e55efb2a2efe30a09ff18815b3909dd0aeec5c116c701d944f4bee27d41ba
- Filesize: 225KB
  MD5: 15dd205f125a17ddc29c65e81a2f667d
  SHA1: 12476f8703f989e62018c371373e5c4039767bfd
  SHA256: e329839e331470138383753f30fb6bae48e7688d45c3db583fdf80a68dbc92b7
  SHA512: c0890989c7ff4c40f0320e22599317e513f3a0e0285df601a61de1778cf6652d7ebe80eb1c976a28f8bf3e66da08c2183531c97c6267ca02217b40d29d825394