Analysis
-
max time kernel
147s -
max time network
142s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
25/12/2023, 09:31
Static task
static1
Behavioral task
behavioral1
Sample
148790c33dad176e7430e5a22dbc2b96.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
148790c33dad176e7430e5a22dbc2b96.exe
Resource
win10v2004-20231215-en
General
-
Target
148790c33dad176e7430e5a22dbc2b96.exe
-
Size
83KB
-
MD5
148790c33dad176e7430e5a22dbc2b96
-
SHA1
54d3cf0a10873f4b2116ba079bdabc9ddeaa1276
-
SHA256
e2ce136b057db82b5967bc923c861b0a40d6935fe5d7b74cd3cb1db94a0072d7
-
SHA512
5b9e1cd9b9bfc4565c093987b4b1908317649ff8987432817f6fb9377817f0ac4fa441345f57ebb265f9ca17c13b8b90193bf81c6b0033dc475b562c3c322ff3
-
SSDEEP
1536:xpgpHzb9dZVX9fHMvG0D3XJkQJwCOwVpLFBrnsV/9CswxQ93:rgXdZt9P6D3XJVrpm/9p93
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 764 Au_.exe -
Loads dropped DLL 1 IoCs
pid Process 764 Au_.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
NSIS installer 2 IoCs
resource yara_rule
behavioral2/files/0x0008000000023208-4.dat nsis_installer_1
behavioral2/files/0x0008000000023208-4.dat nsis_installer_2
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target
PID 1156 wrote to memory of 764 1156 148790c33dad176e7430e5a22dbc2b96.exe 91
PID 1156 wrote to memory of 764 1156 148790c33dad176e7430e5a22dbc2b96.exe 91
PID 1156 wrote to memory of 764 1156 148790c33dad176e7430e5a22dbc2b96.exe 91
Processes
-
C:\Users\Admin\AppData\Local\Temp\148790c33dad176e7430e5a22dbc2b96.exe
"C:\Users\Admin\AppData\Local\Temp\148790c33dad176e7430e5a22dbc2b96.exe"
- Suspicious use of WriteProcessMemory
PID:1156
    C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
    "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
    - Executes dropped EXE
    - Loads dropped DLL
    PID:764
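The process tree above is the standard NSIS uninstaller self-relaunch: the uninstaller copies itself into a `~nsu*.tmp` directory under %TEMP% as `Au_.exe` and starts that copy with `_?=<dir>` (per the NSIS docs this must be the last parameter and sets the directory to uninstall from), so the original file can be deleted while the copy runs. The following is an added example, not tria.ge output: it takes process events constructed from this report (field names are the example's own) and flags that pattern, checking that the `_?=` value matches the directory the parent ran from. Legitimate uninstallers produce the same shape, so a hit is a triage lead, not a verdict.

```python
"""Flag an NSIS uninstaller self-relaunch in a list of process events.

Added example, not part of the tria.ge report.  Event dicts use this
example's own field names (pid, ppid, image, cmdline); the two events
below are constructed from the report's process tree.
"""
import re

# Image path ending in \~nsu<anything>.tmp\Au_.exe (the sample uses ~nsu.tmp;
# NSIS commonly uses ~nsuA.tmp, so allow any suffix before .tmp).
AU_RE = re.compile(r"\\~nsu[^\\]*\.tmp\\Au_\.exe$", re.IGNORECASE)
# _?= is documented as the last parameter, so take the rest of the line.
INSTDIR_RE = re.compile(r"(?:^|\s)_\?=(?P<dir>.+)$", re.IGNORECASE)

EVENTS = [  # constructed from the report's process tree
    {
        "pid": 1156, "ppid": 0,
        "image": r"C:\Users\Admin\AppData\Local\Temp\148790c33dad176e7430e5a22dbc2b96.exe",
        "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\148790c33dad176e7430e5a22dbc2b96.exe"',
    },
    {
        "pid": 764, "ppid": 1156,
        "image": r"C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe",
        "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp'
                   + "\\",
    },
]


def parent_dir(path: str) -> str:
    """Directory part of a Windows path (no trailing backslash)."""
    return path.rsplit("\\", 1)[0]


def find_nsis_uninstaller_relaunch(events):
    """Return one hit per Au_.exe child launched with _?=<dir>.

    A hit is 'consistent' when the _?= directory equals the directory the
    parent process image lives in, which is what the NSIS relaunch does.
    """
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if not AU_RE.search(e["image"]):
            continue
        m = INSTDIR_RE.search(e["cmdline"])
        instdir = m.group("dir").strip().rstrip("\\") if m else None
        parent = by_pid.get(e["ppid"])
        consistent = (
            parent is not None
            and instdir is not None
            and parent_dir(parent["image"]).lower() == instdir.lower()
        )
        hits.append({
            "pid": e["pid"],
            "parent_pid": e["ppid"],
            "parent_image": parent["image"] if parent else None,
            "instdir": instdir,
            "consistent": consistent,
        })
    return hits


if __name__ == "__main__":
    for hit in find_nsis_uninstaller_relaunch(EVENTS):
        print(hit)
```

Run over this report's two events it yields one hit for PID 764 with parent 1156 and `consistent` set, because `_?=C:\Users\Admin\AppData\Local\Temp\` is exactly where the parent executable sits. An inconsistent hit (a `~nsu*.tmp\Au_.exe` whose `_?=` points somewhere unrelated, or with no parent in the capture) is the case worth a closer look.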
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
14KB
MD5 325b008aec81e5aaa57096f05d4212b5
SHA1 27a2d89747a20305b6518438eff5b9f57f7df5c3
SHA256 c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
SHA512 18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
-
Filesize
643B
MD5 8789416682588ec522300b4a2ff314e4
SHA1 e9f9eeebe3235f26e8d35cb7929674a1fcf5c844
SHA256 1f12c13a65139fef89889756d68608bb065ac22b32e87197db5f3773f02f0d5b
SHA512 9832045ffc7196811f7c6cf3c784d55c40fae85e87b17977bfd53fc7c1b95324b1ab3b0b01491f04b241d5f3951e3e64b4a20f32743df641107b713bd27f108f
-
Filesize
83KB
MD5 148790c33dad176e7430e5a22dbc2b96
SHA1 54d3cf0a10873f4b2116ba079bdabc9ddeaa1276
SHA256 e2ce136b057db82b5967bc923c861b0a40d6935fe5d7b74cd3cb1db94a0072d7
SHA512 5b9e1cd9b9bfc4565c093987b4b1908317649ff8987432817f6fb9377817f0ac4fa441345f57ebb265f9ca17c13b8b90193bf81c6b0033dc475b562c3c322ff3