Analysis
- max time kernel: 143s
- max time network: 145s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26/12/2023, 07:23
Static task
- static1
Behavioral task
- behavioral1
  Sample: 5c4c0efe58df7e6ff24179cd765216a4.exe
  Resource: win7-20231215-en
Behavioral task
- behavioral2
  Sample: 5c4c0efe58df7e6ff24179cd765216a4.exe
  Resource: win10v2004-20231215-en
General
- Target: 5c4c0efe58df7e6ff24179cd765216a4.exe
- Size: 1.0MB
- MD5: 5c4c0efe58df7e6ff24179cd765216a4
- SHA1: d11a9a5c27c53dc1adb3347dc1553a0645b84a36
- SHA256: 14e9f33dda0a03795365fe5552834d626bf908b3756608fa56c4bd54bd26e239
- SHA512: 511d468d2a331e24b3f03eb33c3967986c16290c98bb7e04934ac047c6eb44572b5c8068a5d428f00e7d715f60f25c629fb6183f58a6bdc5833148b529aac368
- SSDEEP: 24576:0hQrVT8SF0i2zmLJA9NbgUjQH/Txx0HJ7C/ly:u6ySFN2KLJQ24k/gJCU
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  pid  Process
  548  5c4c0efe58df7e6ff24179cd765216a4.tmp
- Loads dropped DLL (2 IoCs)
  pid  Process
  548  5c4c0efe58df7e6ff24179cd765216a4.tmp
  548  5c4c0efe58df7e6ff24179cd765216a4.tmp
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid  Process
  548  5c4c0efe58df7e6ff24179cd765216a4.tmp
  548  5c4c0efe58df7e6ff24179cd765216a4.tmp
  548  5c4c0efe58df7e6ff24179cd765216a4.tmp
  548  5c4c0efe58df7e6ff24179cd765216a4.tmp
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                      pid   Process                               procid_target
  PID 4176 wrote to memory of 548  4176  5c4c0efe58df7e6ff24179cd765216a4.exe  87
  PID 4176 wrote to memory of 548  4176  5c4c0efe58df7e6ff24179cd765216a4.exe  87
  PID 4176 wrote to memory of 548  4176  5c4c0efe58df7e6ff24179cd765216a4.exe  87
Processes
- C:\Users\Admin\AppData\Local\Temp\5c4c0efe58df7e6ff24179cd765216a4.exe
  "C:\Users\Admin\AppData\Local\Temp\5c4c0efe58df7e6ff24179cd765216a4.exe"
  PID: 4176
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\is-2BG1I.tmp\5c4c0efe58df7e6ff24179cd765216a4.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-2BG1I.tmp\5c4c0efe58df7e6ff24179cd765216a4.tmp" /SL5="$7016E,294381,160256,C:\Users\Admin\AppData\Local\Temp\5c4c0efe58df7e6ff24179cd765216a4.exe"
    PID: 548
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads