Analysis
max time kernel: 144s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26/12/2023, 12:18
Static task: static1
Behavioral task: behavioral1
  Sample: 6deec82a2c98866576eaded66ce459f0.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 6deec82a2c98866576eaded66ce459f0.exe
  Resource: win10v2004-20231215-en
General
Target: 6deec82a2c98866576eaded66ce459f0.exe
Size: 552KB
MD5: 6deec82a2c98866576eaded66ce459f0
SHA1: 316b2c3a15fafd14950f21200f64530f10f1004c
SHA256: e956dde755fbe6d0d329f46cff195356f87ab38dd32b3a8c00805938c46c3390
SHA512: d042f48d0c7c66ca55f61cfafff8d537b5eaa6d2a7305bfe20e86abaa8c137979b68011efd251358dd9dedd4ec8e4ab8919e665994ed6d5fcb1f9281a34b7fbc
SSDEEP: 12288:EmkOyMJfsGNA6u7X7B9eQ3LPq8kecgm2+EN+LDmoVjFQN5WLqPP/huErwmIfYTqo:EfOyMJfsxDHegqXecgm2yDmoVjWN5yAt
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid   process
  556   is-FSKUE.tmp
Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
Suspicious use of WriteProcessMemory (3 IoCs)
  description                         pid    process                                 procid_target
  PID 2068 wrote to memory of 556     2068   6deec82a2c98866576eaded66ce459f0.exe    19
  PID 2068 wrote to memory of 556     2068   6deec82a2c98866576eaded66ce459f0.exe    19
  PID 2068 wrote to memory of 556     2068   6deec82a2c98866576eaded66ce459f0.exe    19
Processes
1. "C:\Users\Admin\AppData\Local\Temp\6deec82a2c98866576eaded66ce459f0.exe"
   PID: 2068
   Signatures: Suspicious use of WriteProcessMemory
   2. "C:\Users\Admin\AppData\Local\Temp\is-R1NOA.tmp\is-FSKUE.tmp" /SL4 $A008E "C:\Users\Admin\AppData\Local\Temp\6deec82a2c98866576eaded66ce459f0.exe" 315513 52736
      PID: 556
      Signatures: Executes dropped EXE
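The two signatures above are best read together. The parent 6deec82a2c98866576eaded66ce459f0.exe drops is-R1NOA.tmp\is-FSKUE.tmp under %TEMP% and launches it with `/SL4 $A008E "<original exe>" 315513 52736`, and all three WriteProcessMemory entries are from that parent into that child. The is-XXXXX.tmp\is-XXXXX.tmp naming and the `/SL4 $handle "path" offset offset` argument form are the Inno Setup setup-loader convention, in which the dropped loader reads the embedded payload back out of the original executable at the given offsets; and a parent writing into a child it has just created is also what ordinary process creation looks like, so on its own that signature carries little weight, whereas a write between processes that are not parent and child would deserve a closer look. The Python below is an added example, not part of the tria.ge report or of the sample: it parses copies of the report's rows constructed here, rebuilds the process tree, weighs each write by the parent/child relationship, and pulls the loader arguments out of the command line. The row layout and the regular expressions are assumptions made for this example, not a tria.ge export format.

```python
"""Triage helpers for the report's Processes and WriteProcessMemory rows.

Added example: the row strings below are constructed from the report above,
and the regexes are assumptions made for this example, not a tria.ge format.
"""
import re
from collections import defaultdict

# Constructed from the report's Processes section: (pid, parent pid, command line)
PROCESSES = [
    (2068, None,
     r'"C:\Users\Admin\AppData\Local\Temp\6deec82a2c98866576eaded66ce459f0.exe"'),
    (556, 2068,
     r'"C:\Users\Admin\AppData\Local\Temp\is-R1NOA.tmp\is-FSKUE.tmp" /SL4 $A008E '
     r'"C:\Users\Admin\AppData\Local\Temp\6deec82a2c98866576eaded66ce459f0.exe" 315513 52736'),
]

# Constructed from the report's "Suspicious use of WriteProcessMemory" rows (3 IoCs)
WPM_ROWS = [
    "PID 2068 wrote to memory of 556 2068 6deec82a2c98866576eaded66ce459f0.exe 19",
] * 3

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
# Inno Setup loader invocation: <loader> /SL4 $<handle> "<original exe>" <offset0> <offset1>
INNO_SL_RE = re.compile(r'/SL[45] \$[0-9A-Fa-f]+ "([^"]+)" (\d+) (\d+)')
# Loader dropped as %TEMP%\is-XXXXX.tmp\is-XXXXX.tmp
INNO_DROP_RE = re.compile(r"\\Temp\\is-[A-Z0-9]{5}\.tmp\\is-[A-Z0-9]{5}\.tmp", re.I)


def parse_wpm(rows):
    """Count WriteProcessMemory events per (writer pid, target pid)."""
    counts = defaultdict(int)
    for row in rows:
        m = WPM_RE.search(row)
        if m:
            counts[(int(m.group(1)), int(m.group(2)))] += 1
    return dict(counts)


def classify_writes(processes, wpm_counts):
    """Weigh each write: a parent writing into its own child is expected during
    process creation; anything else is a cross-process write worth a closer look."""
    parent_of = {pid: ppid for pid, ppid, _ in processes}
    findings = []
    for (writer, target), n in sorted(wpm_counts.items()):
        if parent_of.get(target) == writer:
            verdict = "parent->child (expected during process creation, low weight)"
        else:
            verdict = "cross-process write outside parent/child (investigate)"
        findings.append({"writer": writer, "target": target, "count": n, "verdict": verdict})
    return findings


def inno_loader_args(cmdline):
    """Return (original exe, offset0, offset1) if cmdline is an Inno Setup loader call."""
    m = INNO_SL_RE.search(cmdline)
    if not m or not INNO_DROP_RE.search(cmdline):
        return None
    return m.group(1), int(m.group(2)), int(m.group(3))


def render_tree(processes):
    """Indent children under parents, like the report's depth markers."""
    children, roots, cmd = defaultdict(list), [], {}
    for pid, ppid, c in processes:
        cmd[pid] = c
        (roots if ppid is None else children[ppid]).append(pid)
    lines = []

    def walk(pid, depth):
        lines.append("  " * depth + f"[{pid}] {cmd[pid]}")
        for child in children[pid]:
            walk(child, depth + 1)

    for root in roots:
        walk(root, 0)
    return lines


if __name__ == "__main__":
    print("\n".join(render_tree(PROCESSES)))
    for f in classify_writes(PROCESSES, parse_wpm(WPM_ROWS)):
        print(f)
    for pid, _, c in PROCESSES:
        args = inno_loader_args(c)
        if args:
            print(f"[{pid}] Inno Setup loader reads {args[0]} at offsets {args[1]}, {args[2]}")
```

Running it on the constructed rows yields one finding, 2068 into 556 three times, classed as a parent-to-child write, and the loader call for PID 556 resolves to the original executable with offsets 315513 and 52736. Swapping the writer and target in a row is enough to see the cross-process branch fire, which is the case that would justify the "Suspicious" label.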