Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 136s
max time network: 146s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/12/2023, 13:42
Static task: static1
Behavioral task: behavioral1
Sample: 2296c8c70ca5cfcf6d5e0da9ae697762.exe
Resource: win7-20231215-en
General
Target: 2296c8c70ca5cfcf6d5e0da9ae697762.exe
Size: 876KB
MD5: 2296c8c70ca5cfcf6d5e0da9ae697762
SHA1: fb1cdf5c87923cb496cee3ce72242ea17d433c05
SHA256: 135652f6df4bab082b94fd5721d218e47d0de69e13188ee7276cf8befd921917
SHA512: 246364ba7632c1ba39eb4337659e88ca2d900af145d3e82dc5bf43f87943aa0be7b0fd54d509b4216cf755c456be9f5dc7c2c88561728d6567b919831b0f786f
SSDEEP: 24576:zdMLKmtvPyHu7dgoA4S3y9pNg4W7HMcYcN+2QHCXR2:ZiKmHyOx7Sp7sclQR
Malware Config
Signatures
- Loads dropped DLL (6 IoCs)
  pid   Process
  1244  2296c8c70ca5cfcf6d5e0da9ae697762.exe
  1244  2296c8c70ca5cfcf6d5e0da9ae697762.exe
  1244  2296c8c70ca5cfcf6d5e0da9ae697762.exe
  1244  2296c8c70ca5cfcf6d5e0da9ae697762.exe
  1244  2296c8c70ca5cfcf6d5e0da9ae697762.exe
  1244  2296c8c70ca5cfcf6d5e0da9ae697762.exe
- Checks whether UAC is enabled
  description        ioc                                                                                   Process
  Key value queried  \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA  2296c8c70ca5cfcf6d5e0da9ae697762.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (6 IoCs)
  description                       pid   Process                               procid_target
  PID 4732 wrote to memory of 992   4732  2296c8c70ca5cfcf6d5e0da9ae697762.exe  20
  PID 4732 wrote to memory of 992   4732  2296c8c70ca5cfcf6d5e0da9ae697762.exe  20
  PID 4732 wrote to memory of 992   4732  2296c8c70ca5cfcf6d5e0da9ae697762.exe  20
  PID 992 wrote to memory of 1244   992   2296c8c70ca5cfcf6d5e0da9ae697762.exe  19
  PID 992 wrote to memory of 1244   992   2296c8c70ca5cfcf6d5e0da9ae697762.exe  19
  PID 992 wrote to memory of 1244   992   2296c8c70ca5cfcf6d5e0da9ae697762.exe  19
Processes
C:\Users\Admin\AppData\Local\Temp\2296c8c70ca5cfcf6d5e0da9ae697762.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2296c8c70ca5cfcf6d5e0da9ae697762.exe"
  PID: 4732
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\2296c8c70ca5cfcf6d5e0da9ae697762.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\2296c8c70ca5cfcf6d5e0da9ae697762.exe"
    PID: 992
    - Suspicious use of WriteProcessMemory
C:\Users\Admin\AppData\Local\Temp\2296c8c70ca5cfcf6d5e0da9ae697762.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2296c8c70ca5cfcf6d5e0da9ae697762.exe"
  PID: 1244
  - Loads dropped DLL
  - Checks whether UAC is enabled
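The WriteProcessMemory rows name a writer, its target and the target's procid_target, so the injection chain can be recovered from the rows alone; that matters here because the process list shows PID 1244 at the top level even though the rows say 992 wrote into it. The following Python is an added example, not code from tria.ge or from this report: the six rows and the pid-to-image map are copied from the sections above, while the function names and the "same image basename" heuristic for spotting a sample that relaunches itself and writes into the child are this example's own assumptions.

```python
import re
from collections import Counter

# Constructed input: the six "Suspicious use of WriteProcessMemory" rows as printed
# in the report above, columns (description, pid, Process, procid_target) run together.
WRITE_PROCESS_MEMORY_ROWS = [
    "PID 4732 wrote to memory of 992 4732 2296c8c70ca5cfcf6d5e0da9ae697762.exe 20",
    "PID 4732 wrote to memory of 992 4732 2296c8c70ca5cfcf6d5e0da9ae697762.exe 20",
    "PID 4732 wrote to memory of 992 4732 2296c8c70ca5cfcf6d5e0da9ae697762.exe 20",
    "PID 992 wrote to memory of 1244 992 2296c8c70ca5cfcf6d5e0da9ae697762.exe 19",
    "PID 992 wrote to memory of 1244 992 2296c8c70ca5cfcf6d5e0da9ae697762.exe 19",
    "PID 992 wrote to memory of 1244 992 2296c8c70ca5cfcf6d5e0da9ae697762.exe 19",
]

# Constructed input: pid -> image path, copied from the "Processes" section above.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\2296c8c70ca5cfcf6d5e0da9ae697762.exe"
PROCESSES = {4732: SAMPLE, 992: SAMPLE, 1244: SAMPLE}

# description | pid | Process | procid_target
ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_rows(rows):
    """Split each row into (writer_pid, target_pid, writer_image, procid_target).

    The writer pid appears twice per row (in the description and in the pid
    column); a mismatch means the row was mangled, so it is rejected.
    """
    parsed = []
    for row in rows:
        m = ROW_RE.fullmatch(row.strip())
        if m is None:
            raise ValueError(f"unrecognised WriteProcessMemory row: {row!r}")
        writer, target, pid_col, image, procid = m.groups()
        if writer != pid_col:
            raise ValueError(f"pid column {pid_col} disagrees with description in {row!r}")
        parsed.append((int(writer), int(target), image, int(procid)))
    return parsed


def injection_chain(rows):
    """Collapse repeated rows into (writer, target, count) edges and order them
    from the root writer (a pid that is never itself a target) to the last target."""
    counts = Counter((w, t) for w, t, _, _ in parse_rows(rows))
    writers = {w for w, _ in counts}
    targets = {t for _, t in counts}
    roots = writers - targets
    if len(roots) != 1:
        raise ValueError(f"expected one root writer, found {sorted(roots)}")
    chain, current = [], roots.pop()
    while True:
        nxt = [t for (w, t) in counts if w == current]
        if not nxt:
            return chain
        if len(nxt) > 1:
            raise ValueError(f"pid {current} wrote into several children: {nxt}")
        chain.append((current, nxt[0], counts[(current, nxt[0])]))
        current = nxt[0]


def self_image_edges(chain, processes):
    """Edges whose writer and target run the same image basename: the sample
    relaunching itself and writing into the child, the shape left by unpacking
    stubs and process hollowing (heuristic assumed by this example)."""
    def basename(path):
        return path.rsplit("\\", 1)[-1].lower()
    return [(w, t) for w, t, _ in chain
            if basename(processes[w]) == basename(processes[t])]


if __name__ == "__main__":
    chain = injection_chain(WRITE_PROCESS_MEMORY_ROWS)
    for writer, target, n in chain:
        print(f"{writer} -> {target}  ({n} WriteProcessMemory rows)")
    print("self-image edges:", self_image_edges(chain, PROCESSES))
```

For this report the chain comes out as 4732 -> 992 -> 1244 with three rows per edge, and both edges are flagged as self-image writes. The count per edge is kept because a single write is routine (for example, a debugger or an installer patching a child), whereas repeated writes into a freshly spawned copy of the same image are the pattern worth a closer look in the memory dumps.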
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 73KB
  MD5: b01d2b9a44796a3ebe1901c8e6b3b555
  SHA1: aa61156b30dbb381fb9acaacb046e14641a46202
  SHA256: 4772a79a22439b608822d2d1d29f29b3d26dc272b92688e94437bfb45f88c6dd
  SHA512: bf5628afa126661ce1568052b8aed80bbb70ce8625e0e770dcaa3aa1101a77feaea0e506eb0f11dca4908c70ddb82c6dc626156c2279c7b068f2783316aa2e11
- Filesize: 494KB
  MD5: f0c59526f8186eadaf2171b8fd2967c1
  SHA1: 8ffbe3e03d8139b50b41931c7b3360a0eebdb5cb
  SHA256: 6e35d85fe4365e508adc7faffc4517c29177380c2ba420f02c2b9ee03103d3f6
  SHA512: dccd287c5f25cac346836e1140b743756178d01cd58539cf8fac12f7ae54d338bfb4364c650edb4d6018ef1f4065f7e9835d32fd608f8ae66c67a0ffd05e9854