Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
25/12/2023, 10:09
General
-
Target
1631fd1307d62dffa2fc5c238f5630c8.exe
-
Size
250KB
-
MD5
1631fd1307d62dffa2fc5c238f5630c8
-
SHA1
47566b36258b6ad7e08b5c8cfb7cd9eeb4b063e1
-
SHA256
7ec3a4a7872f40773186d53eeba2352c498ee3178104359638abb3a4c7578800
-
SHA512
e6f2341d2fd34ace68bc64a91c7b96bd8cf482bd1f4faee2904a90ed70927d3eb8d286b70b52fd99bf19ce71613fd56102df94338d57f9af247e501556713489
-
SSDEEP
6144:wciEde2K/IyHwihFp7non6Y/PUaKwtapzVmS5nJfcQ/4hz9Vm6Reqhj7D:bF/K/IyHpb4m3UQWz9Vvn
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1631fd1307d62dffa2fc5c238f5630c8.exe"C:\Users\Admin\AppData\Local\Temp\1631fd1307d62dffa2fc5c238f5630c8.exe"1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\stub.vbs"2⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\sfx.exe"C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\sfx.exe" -p456jh34k5h6bj4563j456j3456jjj45jjj3⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\input.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX0\input.exe"4⤵
- Executes dropped EXE
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
209KB
MD5e426a3ed568d303211945f0d005346a0
SHA186271a7e27e291260687291a12b3756e702835b0
SHA25623600ab6542b70ea5aab1b367f5793832a9ac7bc5e3477f7e20a0cb70644d21f
SHA512a9568edef1f0b46f34903d56ecb494001ecb7138279314fecd639ad109379f019a0a59b0b18657e315a4f6c07509dda80827bc445bc44b4150a541822e86cf1e
-
Filesize
132B
MD5826c3dfb5d027b8a9c9ddbd74216f9b4
SHA1c0a1efd6d81b81dbf21c33464edc885e54404226
SHA2567ac2d95d5b2d56142c35b51690f50d211af96797795d00ba2fd7d65bc12a71b2
SHA512f66f948c519c956aaf57a53cad09247af267fa644fae500567380acb7f438abacd70cc9dc8c340b972aca0e56d48bc67134ff9118e3463e84ea2859334d6ae67
-
Filesize
212KB
MD5851b984fbd8967a644ef367087a6328d
SHA1dcaf74e9bceac1bb1e3d9959907093f06e17fdbf
SHA25699ba4621d0286e835238810bcd80055fa72f189db3459c072f4a23d5a0b135ff
SHA5126fc2b1ec9c3805d6cabf665122c7a704086ac467a02c1fa6f7741e3e1a31b8fbb44ac85a4835a5a3c6c022ae83c05a92545141886f05bbfbdf441448b8b58f9b
-
Filesize
167KB
MD56014f25fc51659e4e0eaf60f9fd84351
SHA11681f8a2582cb43c2560471f8b09717435ff98cd
SHA256250dd434fe7aba4faee13d06fdb68b268d7f42a8c3b3b5333dede2324cbc0668
SHA5129fe62a72d626c78c98f766433d19300d3d01afb1500c85e68b531d3a30a7b379aee2aef14e533f6eef5e00db8c9ef9ef78b2cab89561cd5f8d1d1d4f8e43fb53