Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
147s -
max time network
54s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
29/12/2023, 21:34
General
-
Target
048cd9a81f8419dcd92620c9983ce9a0.exe
-
Size
580KB
-
MD5
048cd9a81f8419dcd92620c9983ce9a0
-
SHA1
0393f8a1e55431bac93614b55f482223ff536638
-
SHA256
092d0c4356b7d9227b184190137ffe7c9916701f7ac6aa93e4f028bb3d5c7583
-
SHA512
1bcd749c35289f9383f1f12c46a9c551225ae3cfd85b65bf1efe68a541f13dc1c477dd4a74295ad0357bd4446b188f2b5870c04e12e6c9d936299bdc965212c2
-
SSDEEP
12288:3RteN723mmqw3CI0DO4asqWZzHjfUcBQwETtQ:3Re7xwCI0i4aXWNHjfrQfTtQ
Score
7/10
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\048cd9a81f8419dcd92620c9983ce9a0.exe"C:\Users\Admin\AppData\Local\Temp\048cd9a81f8419dcd92620c9983ce9a0.exe"1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\048CD9~1.EXE > nul2⤵
-