Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
1s -
max time network
75s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system -
submitted
30/12/2023, 23:01
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
1f46e2e8f7178bc73e16eb4131dae0f2.exe
Resource
win7-20231129-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
1f46e2e8f7178bc73e16eb4131dae0f2.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
4 signatures
150 seconds
General
-
Target
1f46e2e8f7178bc73e16eb4131dae0f2.exe
-
Size
206KB
-
MD5
1f46e2e8f7178bc73e16eb4131dae0f2
-
SHA1
b2c6eb72d71d69afa3948a30512dd8fafc52ffb4
-
SHA256
479b1793a94de490112827384fd40dbd445f60495815e5ad5d741c78a4c135c5
-
SHA512
d12f1130b94f3f7f03365745a19c1c97e1302dae60137869daf42c20b86b76012f2b997bfecef31bbc7451d92e7dda11bb0c869c6b59e434e093be491926209a
-
SSDEEP
3072:upTqaoFEUX6rO+Mpm9bTAaCOKY8P5EZsetaj/v9hNTyt:u0aYX6rO+MpmqaCOK15DetQv9hYt
Score
5/10
Malware Config
Signatures
-
Drops file in System32 directory 1 IoCs
description ioc Process File opened for modification \??\c:\windows\SysWOW64\explorer.exe 1f46e2e8f7178bc73e16eb4131dae0f2.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe 2196 1f46e2e8f7178bc73e16eb4131dae0f2.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\1f46e2e8f7178bc73e16eb4131dae0f2.exe"C:\Users\Admin\AppData\Local\Temp\1f46e2e8f7178bc73e16eb4131dae0f2.exe"1⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2196 -
\??\c:\windows\SysWOW64\explorer.exec:\windows\system32\explorer.exe2⤵PID:2744
-