Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
141s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
30/12/2023, 02:13
General
-
Target
0b469f17734cca213f4d0500ded15e41.exe
-
Size
211KB
-
MD5
0b469f17734cca213f4d0500ded15e41
-
SHA1
5dd80170764c3d88bd25bf1dbdbf69fe8cbc3faf
-
SHA256
c70900329c557c0fb8f6a8ec2d6987d29a73dd0bc12cb43eee51c54a946c03e4
-
SHA512
1ae91d80902ac01938afaa0ccdcda45777254368d6eaa981e6dc88462ce1c868b5c2229a4e2a605e5252679360eedff6ee2db53492f632085976f7f034322888
-
SSDEEP
3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/e8EpjBFy11AwH:o68i3odBiTl2+TCU/chuhuIp9
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in Windows directory 12 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0b469f17734cca213f4d0500ded15e41.exe"C:\Users\Admin\AppData\Local\Temp\0b469f17734cca213f4d0500ded15e41.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\bugMAKER.bat2⤵
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
76B
MD56f53dd0d78038203f6d7153c0a56a7b6
SHA1de5f5911b9b2bc3ad8fddbb815dee4c7ef6179dd
SHA25626fb7087e6e2a989889ad2c2940b238052db0f31bca0872fa04dd6a4cf9e11c8
SHA512cd2c745cfe2d92f846c1a807cafab8f02cc5b87ccf72b2a2c1ab8c80b789b18c13f61b4065e67b6d4635aeec254d35cbcf91e085224ae0c6f5d43accaba7070b
-
Filesize
180KB