Analysis
max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/12/2023, 20:13
Static task: static1
Behavioral task: behavioral1
Sample: 02bb0dba66cb1b35f20a101b88494b50.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 02bb0dba66cb1b35f20a101b88494b50.exe
Resource: win10v2004-20231215-en
General
Target: 02bb0dba66cb1b35f20a101b88494b50.exe
Size: 939KB
MD5: 02bb0dba66cb1b35f20a101b88494b50
SHA1: c7c33ab47028787d588e28baaa33d9ffe36be4b2
SHA256: 3fd39c5f8b99577694caba921ae417c76df96a89cb5185fa1ef0e68e1d838fca
SHA512: 12cda96b8f2a21d0285d895c93b3147f16fb70badf8bdde66f160c92e8821a45d5060ce010dce4e59dffdec410080cd2502c2308612df9bb0b443c288f249b09
SSDEEP: 12288:TLoBw+bbjB1D6U+s802ziOQK/d+QXkkza6GOL9BkxcQiOOQu7aEcCLwQ+a62E33:UvD5+GE/kscc3ku1hQuECQ2E
Malware Config
Signatures
Executes dropped EXE (1 IoC)
pid: 2036, Process: Stub.exe
Adds Run key to start application (2 TTPs, 1 IoC)
description: Set value (str)
ioc: \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""
Process: 02bb0dba66cb1b35f20a101b88494b50.exe
Suspicious use of WriteProcessMemory (3 IoCs)
description: PID 2672 wrote to memory of 2036; pid: 2672, Process: 02bb0dba66cb1b35f20a101b88494b50.exe, procid_target: 19
description: PID 2672 wrote to memory of 2036; pid: 2672, Process: 02bb0dba66cb1b35f20a101b88494b50.exe, procid_target: 19
description: PID 2672 wrote to memory of 2036; pid: 2672, Process: 02bb0dba66cb1b35f20a101b88494b50.exe, procid_target: 19
Processes
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Stub.exe
command line: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Stub.exe
Executes dropped EXE
PID: 2036

C:\Users\Admin\AppData\Local\Temp\02bb0dba66cb1b35f20a101b88494b50.exe
command line: "C:\Users\Admin\AppData\Local\Temp\02bb0dba66cb1b35f20a101b88494b50.exe"
Adds Run key to start application
Suspicious use of WriteProcessMemory
PID: 2672
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 96KB
MD5: 40dedf759599c803b1499cf218482dd7
SHA1: 617642f846a2020776e1b936b55a8cf86df41c30
SHA256: 067c67842c718c7b2f647a7bbd43296fd2f9745ce7df2f1e8c9a012d66c74628
SHA512: a1d461032b81cd9e92ece9ed9be25444dd25b694bdb537c14c0dbd60bbabe534f5dabb836653406a7f8fae1c85321bf81650c69b08edaf52eb197d05c9d62b0c

Filesize: 93KB
MD5: e6a70c437bc2e596110eff8039b5b774
SHA1: 6a4e454b3e26f8e1cd04a68e3cd16d64e665b28b
SHA256: 2c306a97a6756d25e19ad6ba59c7f38307719fc8bedfaf2b7f6d59d8349cae69
SHA512: 5ae2205edd0e8d92963d814740c72b148d43b5e2dace4bf2ee2061e2c4d2c2308b326cbdc686f1ab74c3667ec7c45ef285c646545f8eed68312fa817287ff84c