Analysis
max time kernel: 160s
max time network: 173s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/12/2023, 20:10
Static task: static1
Behavioral task: behavioral1
  Sample: 02a5c26481aa82d85f04ba6d97f53fe6.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 02a5c26481aa82d85f04ba6d97f53fe6.exe
  Resource: win10v2004-20231215-en
General
Target: 02a5c26481aa82d85f04ba6d97f53fe6.exe
Size: 36KB
MD5: 02a5c26481aa82d85f04ba6d97f53fe6
SHA1: ae950032edb089f7c73ddfdf13f23e24a04702dd
SHA256: 42f1466e480f36b83f367e26010bdc1376f7fd09485849945401f51d5c21d8e9
SHA512: 63623f3195d13aa51e153a375f81bbf7e92164fa902875e4fff6d9b8422fcff9c8c1e0d2c35d1429d5d0a69ff425a656953830d4221513488856737abefe9ee8
SSDEEP: 384:R4n1dWgsWIcUAewcDdDUD4QvSeOSgk/UZRe4xDpGkaV3gTGPz5S6ihTuXo2dsGLN:K77V7LUZQEpTDxNflPZscjS55DHy0
Malware Config
Signatures

Checks computer location settings (2 TTPs, 1 IoC)
Looks up the country code configured in the registry, likely a geofence check.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation | 02a5c26481aa82d85f04ba6d97f53fe6.exe
The \REGISTRY\USER\<SID>\ prefix is the running user's HKCU hive, so the key read is HKCU\Control Panel\International\Geo\Nation, which holds the Windows GeoID of the configured location.

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Suspicious use of SetWindowsHookEx (1 IoC)
pid | Process
2356 | 02a5c26481aa82d85f04ba6d97f53fe6.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 2356 wrote to memory of 1876 | 2356 | 02a5c26481aa82d85f04ba6d97f53fe6.exe | 94
PID 2356 wrote to memory of 1876 | 2356 | 02a5c26481aa82d85f04ba6d97f53fe6.exe | 94
PID 2356 wrote to memory of 1876 | 2356 | 02a5c26481aa82d85f04ba6d97f53fe6.exe | 94
All three writes target PID 1876, the cmd.exe child listed under Processes. A parent writing into a child it has just created is part of ordinary process creation on Windows, so on its own this signature does not establish injection; a write into a process the sample did not create would be the finding to escalate.
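To turn the geofence signature above into something that can be run over registry telemetry, the following added example (not Triage's code) normalises the per-SID \REGISTRY\USER\... and HKEY_USERS\... paths to HKCU, matches the location keys, and decodes the GeoID where the sensor captured the returned value. The event records, the field names and the GeoID value 244 are constructed for the example; the report above shows only that the key was queried, not what it returned.

```python
"""Detect 'Checks computer location settings' style registry lookups.

Added example, not Triage's own code. RegEvent mimics what a sandbox or a
Sysmon RegistryEvent would report; its field names are assumptions.
"""
import re
from dataclasses import dataclass
from typing import Optional

# \REGISTRY\USER\<SID>\X, HKEY_USERS\<SID>\X and HKU\<SID>\X all denote the
# user's HKCU hive; normalising lets one rule cover every SID.
_SID = r"S-1-5-21-\d+-\d+-\d+-\d+(?:_Classes)?"
_HKU_PREFIXES = (r"\\REGISTRY\\USER\\", r"HKEY_USERS\\", r"HKU\\")

# Keys that expose the configured location. Geo\Nation holds a Microsoft
# GeoID; the other two are the usual alternatives a geofence would read.
GEO_KEYS = {
    r"HKCU\Control Panel\International\Geo\Nation",
    r"HKCU\Control Panel\International\Geo\Name",
    r"HKCU\Control Panel\International\LocaleName",
}

# Subset of Microsoft's GeoID table, only to make verdicts readable.
GEOID_COUNTRY = {
    29: "Belarus", 45: "China", 94: "Germany", 137: "Kazakhstan",
    203: "Russia", 241: "Ukraine", 242: "United Kingdom", 244: "United States",
}


@dataclass
class RegEvent:
    process: str
    pid: int
    key: str                      # full key path, may embed a SID
    value: Optional[str] = None   # data returned by the query, if captured


def normalize_key(path: str) -> str:
    """Rewrite any HKU/<SID> form of a user key to HKCU\\...; others unchanged."""
    for prefix in _HKU_PREFIXES:
        m = re.match(prefix + _SID + r"\\(.*)$", path, re.IGNORECASE)
        if m:
            return "HKCU\\" + m.group(1)
    return path


def geofence_hits(events):
    """Return one dict per event that reads a location key."""
    wanted = {k.lower() for k in GEO_KEYS}
    hits = []
    for ev in events:
        key = normalize_key(ev.key)
        if key.lower() not in wanted:
            continue
        country = None
        if key.lower().endswith(r"geo\nation") and ev.value and ev.value.isdigit():
            country = GEOID_COUNTRY.get(int(ev.value), "GeoID %s" % ev.value)
        hits.append({"pid": ev.pid, "process": ev.process,
                     "key": key, "country": country})
    return hits


# Constructed events: the first reproduces the IoC row from the report
# (returned value 244 is assumed), the rest are benign noise.
SAMPLE_EVENTS = [
    RegEvent("02a5c26481aa82d85f04ba6d97f53fe6.exe", 2356,
             r"\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000"
             r"\Control Panel\International\Geo\Nation", "244"),
    RegEvent("explorer.exe", 1204,
             r"HKEY_USERS\S-1-5-21-3073191680-435865314-2862784915-1000"
             r"\Software\Microsoft\Windows\CurrentVersion\Run"),
    RegEvent("02a5c26481aa82d85f04ba6d97f53fe6.exe", 2356,
             r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"),
]

if __name__ == "__main__":
    for hit in geofence_hits(SAMPLE_EVENTS):
        print(hit)
```

Running the block prints a single hit for PID 2356 with the country decoded as United States. Reading this key once at startup is also what locale-aware legitimate software does, so the hit is a lead to correlate with what the process does next (for example whether it exits immediately on some GeoIDs), not a verdict by itself.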
Processes
1. C:\Users\Admin\AppData\Local\Temp\02a5c26481aa82d85f04ba6d97f53fe6.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\02a5c26481aa82d85f04ba6d97f53fe6.exe"
   PID: 2356
   - Checks computer location settings
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\4487.bat" "
      PID: 1876
The command line names C:\Windows\system32\cmd.exe but the image that ran is C:\Windows\SysWOW64\cmd.exe: the sample is a 32-bit process (arch:x86 in the resource tags) and WOW64 file-system redirection resolved system32 to SysWOW64. The batch file 4487.bat is dropped into the same Temp directory as the sample and executed through cmd.exe /c; its contents are not shown on this page.
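The WriteProcessMemory signature is only meaningful once it is read against the process tree. The following added example (not Triage's code) joins constructed process-creation records with the three write IoCs from the report and labels each write as a write into the writer's own child (consistent with process creation) or into an unrelated process (the injection case). The parent PID 1204 for the sample, the winlogon.exe record and the fourth write into it are invented here to exercise the other branch; the report contains only the three writes to PID 1876.

```python
"""Classify WriteProcessMemory events against a process tree.

Added example, not Triage's own code. On Windows the parent writes into a
child's address space as part of ordinary process creation, so a write whose
target is a child the writer created is expected; a write into a process the
writer did not create is what to escalate.
"""
from collections import namedtuple

Proc = namedtuple("Proc", "pid ppid image")
Write = namedtuple("Write", "pid target_pid")


def classify_writes(procs, writes):
    """Return (writer_pid, target_pid, verdict) for every write."""
    by_pid = {p.pid: p for p in procs}
    results = []
    for w in writes:
        target = by_pid.get(w.target_pid)
        if target is None:
            verdict = "unknown-target"      # tree incomplete; cannot judge
        elif target.ppid == w.pid:
            verdict = "own-child"           # consistent with CreateProcess
        else:
            verdict = "cross-process"       # possible injection
        results.append((w.pid, w.target_pid, verdict))
    return results


def summarize(results):
    """Per writer PID, count verdicts so one line says whether to look further."""
    summary = {}
    for pid, _, verdict in results:
        summary.setdefault(pid, {}).setdefault(verdict, 0)
        summary[pid][verdict] += 1
    return summary


# Constructed process tree: the first two rows come from the report above
# (ppid 1204 for the sample is assumed); winlogon.exe is invented.
PROCS = [
    Proc(2356, 1204, r"C:\Users\Admin\AppData\Local\Temp\02a5c26481aa82d85f04ba6d97f53fe6.exe"),
    Proc(1876, 2356, r"C:\Windows\SysWOW64\cmd.exe"),
    Proc(560, 452, r"C:\Windows\System32\winlogon.exe"),
]

# The three writes reported, plus one invented write into winlogon.exe.
WRITES = [Write(2356, 1876)] * 3 + [Write(2356, 560)]

if __name__ == "__main__":
    for row in classify_writes(PROCS, WRITES):
        print(row)
    print(summarize(classify_writes(PROCS, WRITES)))
```

For the report's own data the three writes all classify as own-child, which is why the process tree, not the signature count, decides whether this sample is doing anything beyond launching its batch file.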
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 299B
MD5: f4b33f94f4b2ccd3b4db7a8e3a6d4999
SHA1: 0b907087e9cac5497105ef8c8fe1cd9c61151414
SHA256: 4464c889fca0767c0ffc555bc1be7f17ddb7edeefc6cef8091fd1ca7e7333eee
SHA512: b04f4c411ea058db235503e2b6d57784b5bb48370675b7c163fe77637929ee76e225a012db1bbc83b09efc32d87ab909819bd7f3c4cb86e41cd71dae66037ceb