Analysis

  • max time kernel
    186s
  • max time network
    204s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/12/2023, 00:19

General

  • Target

    45e18c4a64d02d99156dc3a75603a240.exe

  • Size

    30KB

  • MD5

    45e18c4a64d02d99156dc3a75603a240

  • SHA1

    549d6879208795db03f7e268ba2cf4bfb881b45c

  • SHA256

    f002e84df7f3906d363522b3e4497f9f5ed37b996fcc862dede912d2b7386d5b

  • SHA512

    d29fee8bd9dee184427c6d7c9aca6a7a2bac8d52a37475825cfbbcd13c07563539d2451246e3b8547cde4b56d8100121e8eeb4424f509077bcca8e4117cdee53

  • SSDEEP

    768:fEUlIyjTLkR5IV6PPgzoytLlQ4R1ucbyVZR:BGygQoygsByF

Malware Config

Signatures

  • Adds policy Run key to start application (2 TTPs, 2 IoCs)
  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (1 IoC)
  • Installs/modifies Browser Helper Object (2 TTPs, 3 IoCs)

    BHOs are DLL modules that Internet Explorer loads as plugins at startup; they run inside the browser process and are registered by CLSID in the registry.

  • Modifies Internet Explorer settings (1 TTP, 11 IoCs)
  • Modifies Internet Explorer start page (1 TTP, 1 IoC)
  • Modifies registry class (6 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\45e18c4a64d02d99156dc3a75603a240.exe
    "C:\Users\Admin\AppData\Local\Temp\45e18c4a64d02d99156dc3a75603a240.exe"
    1⤵
    • Adds policy Run key to start application
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1664
    • C:\Users\Admin\AppData\Local\Temp\isfmm.exe
      C:\Users\Admin\AppData\Local\Temp\isfmm.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:5080

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\isfmdl.dll

    Filesize

    11KB

    MD5

    11d923708ee0f58104f03d7e430503e1

    SHA1

    58c3d25d57ed82d36f64f35f1fadd62166bad756

    SHA256

    604f32dde1fd1204712afa0b3811d8203e61f3995c84c7092a116943bc62d189

    SHA512

    0d5fe4adbd35dcef690c0bd10fd3dd20db2f48f79b269231f5fda174392368c25e0b8bf18f0a38c34ac90381ee6b06910f37ec9fbd27504880b55f2bc026d2bc

  • C:\Users\Admin\AppData\Local\Temp\isfmm.exe

    Filesize

    7KB

    MD5

    f2ae943aab2fd86a4a46ab3a7755a11b

    SHA1

    ba6933ee5ce7f408e3690012bb227f1a23a3fa5c

    SHA256

    b1fcf08abac0f20e6c32525ad2f195e4e61f4efafdd0ec6afd62b5e8ea998303

    SHA512

    658d02069c9d82ab06bf4b9ea3e32ee537ab7f3a3ebed396112454c82be6dcaa76d91095d5ae2650f698ebad5f6cd604139326126f6759ff89da32f727e204f6
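The signatures above (policy Run key, Browser Helper Object, Internet Explorer start page) and the dropped files listed under Downloads map to a handful of registry locations and one directory on a live host. The PowerShell below is an added triage example, not part of the Triage report and not code from the sample: it enumerates those persistence locations and compares any file in the user's TEMP directory whose name matches the report against the report's SHA256 values. It assumes a standard Windows layout and an elevated session; the registry paths are the documented persistence locations, and because the report does not give the BHO's CLSID, the script lists every registered BHO and the DLL it resolves to rather than looking for a specific one.

```powershell
# Added triage example (not part of the Triage report or the sample): hunt for the
# persistence artifacts this report's signatures describe and check dropped files.
# Assumptions: elevated session, standard registry layout. Hashes are copied from
# the report above; the BHO CLSID is not in the report, so every BHO is listed.

$ReportSha256 = @{
    '45e18c4a64d02d99156dc3a75603a240.exe' = 'f002e84df7f3906d363522b3e4497f9f5ed37b996fcc862dede912d2b7386d5b'
    'isfmm.exe'  = 'b1fcf08abac0f20e6c32525ad2f195e4e61f4efafdd0ec6afd62b5e8ea998303'
    'isfmdl.dll' = '604f32dde1fd1204712afa0b3811d8203e61f3995c84c7092a116943bc62d189'
}

# 1. "Adds policy Run key": Explorer's Policies\...\Run keys are processed at logon
#    like the ordinary Run key but are inspected far less often.
$policyRunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)
foreach ($key in $policyRunKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        "[PolicyRun] $key : $name = $($item.GetValue($name))"
    }
}

# 2. "Installs/modifies Browser Helper Object": each BHO is a CLSID subkey under the
#    Browser Helper Objects key; the DLL IE would load is that CLSID's InprocServer32.
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$clsidHives = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID',
    'HKCU:\SOFTWARE\Classes\CLSID'
)
foreach ($key in $bhoKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($clsidKey in Get-ChildItem -Path $key) {
        $clsid = $clsidKey.PSChildName
        foreach ($hive in $clsidHives) {
            $inproc = "$hive\$clsid\InprocServer32"
            if (Test-Path $inproc) {
                $dll = (Get-ItemProperty -Path $inproc).'(default)'
                "[BHO] $clsid -> $dll"
            }
        }
    }
}

# 3. "Modifies Internet Explorer start page": the Start Page value under IE's Main key.
foreach ($hive in 'HKCU', 'HKLM') {
    $main = "${hive}:\SOFTWARE\Microsoft\Internet Explorer\Main"
    if (Test-Path $main) {
        $props = Get-ItemProperty -Path $main
        "[IE Main] $hive Start Page = $($props.'Start Page')"
    }
}

# 4. Dropped files: the sample and its payloads ran from %TEMP% in the sandbox.
#    Hash any file there whose name matches the report and compare against it.
Get-ChildItem -Path $env:TEMP -File -ErrorAction SilentlyContinue |
    Where-Object { $ReportSha256.ContainsKey($_.Name) } |
    ForEach-Object {
        $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash.ToLower()
        $verdict = if ($hash -eq $ReportSha256[$_.Name]) { 'MATCHES report' } else { 'name match, different hash' }
        "[File] $($_.FullName) $hash $verdict"
    }
```

Any BHO whose InprocServer32 points at a DLL under a user-writable path such as %TEMP% deserves a closer look regardless of whether its name matches this report. The hash check is exact-match only, so a repacked variant of isfmm.exe or isfmdl.dll will show up as "name match, different hash" rather than a confirmed match; treat that as a lead, not a clean result.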