Analysis
max time kernel: 150s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26/12/2023, 12:56
Static task: static1
Behavioral task: behavioral1
  Sample: 70363469f30c32f67b1c421aa1a2981d.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 70363469f30c32f67b1c421aa1a2981d.exe
  Resource: win10v2004-20231215-en
General
Target: 70363469f30c32f67b1c421aa1a2981d.exe
Size: 639KB
MD5: 70363469f30c32f67b1c421aa1a2981d
SHA1: 23202c088a5083b61a33b45b4ed1bbf843b0f020
SHA256: 149b3466d18354f31c00f7678c713309030037a5a5a174b32c698cc49ba35588
SHA512: 1668b6bfd0473b6979f2363df72ede4daac6298f098c81dca7247488bb99bd04187301c7afbd27b44ef4b49cc1344bce08c218f5a029b7c77cf53d6e396d750a
SSDEEP: 12288:6vpgXdSRStM+1ywYZ872lXHZ8SqLoR6yOIgCp2weGZN0NTa/EFJQtDNeTPM:6vmXdSwMEyE2p4W6yOI/preGZqNTNFmm
Malware Config
Signatures
yara_rule "upx" matched in memory dumps (resource / yara_rule):
behavioral2/memory/4684-2-0x0000000002270000-0x00000000023AE000-memory.dmp upx
behavioral2/memory/4684-5-0x0000000002270000-0x00000000023AE000-memory.dmp upx
behavioral2/memory/4684-6-0x0000000002270000-0x00000000023AE000-memory.dmp upx
behavioral2/memory/4684-7-0x0000000002270000-0x00000000023AE000-memory.dmp upx
behavioral2/memory/4684-8-0x0000000002270000-0x00000000023AE000-memory.dmp upx
behavioral2/memory/4684-160-0x0000000002270000-0x00000000023AE000-memory.dmp upx
behavioral2/memory/4684-161-0x0000000002270000-0x00000000023AE000-memory.dmp upx
behavioral2/memory/4684-162-0x0000000002270000-0x00000000023AE000-memory.dmp upx
behavioral2/memory/4684-163-0x0000000002270000-0x00000000023AE000-memory.dmp upx
behavioral2/memory/4684-164-0x0000000002270000-0x00000000023AE000-memory.dmp upx
behavioral2/memory/4684-206-0x0000000002270000-0x00000000023AE000-memory.dmp upx
All eleven hits are the same region, 0x02270000-0x023AE000 (0x13E000 bytes) in pid 4684, dumped at different points of the behavioral2 run; the rule fired only on the Windows 10 task.
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).
Suspicious use of SetWindowsHookEx (2 IoCs)
pid   Process
4684  70363469f30c32f67b1c421aa1a2981d.exe
4684  70363469f30c32f67b1c421aa1a2981d.exe
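The following is an added example, not tria.ge's own code, showing how a practitioner would turn the memory-dump hit identifiers above into per-region facts (pid, dump index, address range, size, how often the same region was dumped) and then re-check a PE image for the classic UPX markers. The hit-line format (`task/memory/pid-index-0xstart-0xend-memory.dmp rule`) is inferred from this report; the UPX check (section names starting with `UPX`, or the `UPX!` marker) is the usual public heuristic and is assumed, not confirmed, to be what tria.ge's "upx" rule matches. `build_pe` constructs a headers-only PE image for demonstration; the `UPX_HITS` text is a constructed subset of the lines above.

```python
"""Parse tria.ge memory-dump yara hits and check a PE image for UPX markers.

Added example (not tria.ge code). Hit-line format inferred from the report;
UPX heuristic is the common public one, assumed rather than confirmed.
"""
import re
import struct
from collections import defaultdict

# Constructed input: a subset of the "upx" hit lines from the report.
UPX_HITS = """
behavioral2/memory/4684-2-0x0000000002270000-0x00000000023AE000-memory.dmp upx
behavioral2/memory/4684-5-0x0000000002270000-0x00000000023AE000-memory.dmp upx
behavioral2/memory/4684-161-0x0000000002270000-0x00000000023AE000-memory.dmp upx
behavioral2/memory/4684-206-0x0000000002270000-0x00000000023AE000-memory.dmp upx
"""

HIT_RE = re.compile(
    r"^(?P<task>\w+)/memory/(?P<pid>\d+)-(?P<idx>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp\s+(?P<rule>\S+)$"
)


def parse_hits(text):
    """Turn each hit line into a dict with integer pid, dump index and region bounds."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HIT_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised hit line: {line!r}")
        hits.append({
            "task": m["task"], "pid": int(m["pid"]), "index": int(m["idx"]),
            "start": int(m["start"], 16), "end": int(m["end"], 16), "rule": m["rule"],
        })
    return hits


def summarize_regions(hits):
    """Collapse repeated dumps of one region into a single entry with size and dump indices."""
    regions = defaultdict(list)
    for h in hits:
        regions[(h["task"], h["pid"], h["start"], h["end"], h["rule"])].append(h["index"])
    return [
        {"task": t, "pid": p, "start": s, "end": e, "rule": r,
         "size": e - s, "dumps": sorted(idx)}
        for (t, p, s, e, r), idx in regions.items()
    ]


def pe_section_names(image):
    """Return the section names of a PE image (bytes), NUL padding stripped."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # COFF file header starts after "PE\0\0"
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]
    size_opt = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + size_opt             # section table follows the optional header
    names = []
    for i in range(num_sections):
        raw = struct.unpack_from("<8s", image, table + i * 40)[0]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(image):
    """Classic heuristic: a section named UPX* or the 'UPX!' marker anywhere in the image."""
    return any(n.startswith("UPX") for n in pe_section_names(image)) or b"UPX!" in image


def build_pe(section_names):
    """Constructed headers-only PE/COFF image (no optional header) with the given sections."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # e_lfanew at 0x3C -> PE at 0x40
    # Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSymbols, SizeOfOptHdr, Chars
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(struct.pack("<8s", n.encode()) + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    for region in summarize_regions(parse_hits(UPX_HITS)):
        print(f"{region['task']} pid {region['pid']} rule {region['rule']}: "
              f"0x{region['start']:08X}-0x{region['end']:08X} "
              f"({region['size']:#x} bytes), dumps {region['dumps']}")
    print("constructed UPX image flagged:", looks_upx_packed(build_pe(["UPX0", "UPX1", ".rsrc"])))
```

On this report the summary collapses to one region in pid 4684 of 0x13E000 bytes. To apply the section check to the real sample, read the file (or a dumped region that starts with an MZ header) into `image`; a region dumped after unpacking may carry no UPX marker at all, which is why the memory hits and a static check of the original file are worth comparing.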