Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
29/12/2023, 22:11
General
-
Target
05469e24bd9fc5b10271cca5ab1e9b4e.exe
-
Size
323KB
-
MD5
05469e24bd9fc5b10271cca5ab1e9b4e
-
SHA1
4a836f602bda13243ce69776c5343255e8690bbd
-
SHA256
e4fb7d3f5437f91f4159bb0c8e10addf1d775c5ff5374fc4cd0328064e663ad7
-
SHA512
fd2eff1f7a079e92006bdf7850cacf2d06aca3d0c4ef1529d257bc4957f67e9285b817dd220843973a76e8e96156d92a7b46331f172ff66930489d138916c1bd
-
SSDEEP
1536:FkoVgaYJLFfLJEUI1qeXxyGA3N5eyD8SlNDSzvHFRiCCVGCWPGeSe+eooOoaoCok:/tYJLFfLoWGA3N5ecYxo
Score
7/10
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer start page 1 TTPs 2 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\05469e24bd9fc5b10271cca5ab1e9b4e.exe"C:\Users\Admin\AppData\Local\Temp\05469e24bd9fc5b10271cca5ab1e9b4e.exe"1⤵
- Checks computer location settings
- Drops file in Windows directory
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wscript.exe"C:\Windows\system32\wscript.exe" /nologo C:\WINDOWS\ddhnj.vbs2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\Del492E.tmpC:\Users\Admin\AppData\Local\Temp\Del492E.tmp 1084 "C:\Users\Admin\AppData\Local\Temp\05469e24bd9fc5b10271cca5ab1e9b4e.exe"2⤵
- Checks computer location settings
- Deletes itself
- Executes dropped EXE
- Drops file in Windows directory
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\SysWOW64\wscript.exe"C:\Windows\system32\wscript.exe" /nologo C:\WINDOWS\ddhnj.vbs1⤵