Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

0460055aa1...f5.exe

windows7-x64

6

0460055aa1...f5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/12/2023, 21:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0460055aa1d22db6f782ea7d193292f5.exe

  • Size

    244KB

  • MD5

    0460055aa1d22db6f782ea7d193292f5

  • SHA1

    0ab97aefae9a123066b3cb75ccc2d1c46ab7c9a8

  • SHA256

    3b75615babef6b23d7cda39f8f82610af508fc7166d2dc1af530c1b95dbf43da

  • SHA512

    cc2369c0f6f1a2af6b033406ec5b74d06f8e69483df489d328d7132bc18c602abd395b264671f562b5d2ce76c8f5f096b3c61e244cf91fe1fc3890c58199008b

  • SSDEEP

    6144:o68i3odBiTl2+TCU/jk8khuhuIp0huhuj:TNodBiTI+Tpjquauy

Score
7/10
persistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 12 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0460055aa1d22db6f782ea7d193292f5.exe
    "C:\Users\Admin\AppData\Local\Temp\0460055aa1d22db6f782ea7d193292f5.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4836
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\bugMAKER.bat
      2⤵
      • Checks computer location settings
      • Suspicious use of SetWindowsHookEx
      PID:4520

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\bugMAKER.bat
    Filesize

    76B

    MD5

    c679d65df302c6d54770907ab147c953

    SHA1

    db6e4bff3122fb1b1c5ed4204cccaf613082e8fa

    SHA256

    fc43f3cffa6c8f87d39c58169e4fff83de0a89346c68a005f2f17670a60aabfd

    SHA512

    fae207df4385369fe807bebb70db58b47994868b9d528a00321f186447216f0ceb554ef75b2222d315e71a9fd9caca8e9777e47b0cdee03d0b08e492de907b00

    Download Submit

  • memory/4836-24-0x0000000000400000-0x000000000042D000-memory.dmp

    Filesize

    180KB

    Download