Analysis

  • max time kernel
    154s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/12/2023, 12:54

General

  • Target

    200dcc30ad51d0df89d61421e3a936ea.exe

  • Size

    203KB

  • MD5

    200dcc30ad51d0df89d61421e3a936ea

  • SHA1

    d3c170ce17a4ef58b500ae41946c866858460f0e

  • SHA256

    d00c2f596f6c11eceaa95e522fb9e12233cf89c26933028a334ed1eb57686e8a

  • SHA512

    7d895e289e7d365b524189c1ce2aecb7148959c60f257db8dea6326ef19e81ddf2607eb64fbcccf0f175e1c67794bd6086f5519d551a7c0cb823697344622c4b

  • SSDEEP

    6144:em65+jmn/8at0tlRKq+UAEox+5BZLaMXj2ZC:ed5MmnNtqKUAHUBZOOjV

Malware Config

Signatures

  • UPX packed file (2 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates connected drives (3 TTPs, 21 IoCs)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

Processes

  • C:\Users\Admin\AppData\Local\Temp\200dcc30ad51d0df89d61421e3a936ea.exe
    "C:\Users\Admin\AppData\Local\Temp\200dcc30ad51d0df89d61421e3a936ea.exe"
    • Enumerates connected drives
    • Writes to the Master Boot Record (MBR)
    PID:3088

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/3088-0-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

  • memory/3088-1-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB