Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

164d6a6364...f3.exe

windows7-x64

7

164d6a6364...f3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 10:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    164d6a636417f34658a3cff67ad526f3.exe

  • Size

    1.1MB

  • MD5

    164d6a636417f34658a3cff67ad526f3

  • SHA1

    60f906ca657cac46b34d903ffd0127c42130c42c

  • SHA256

    1c760857e861e7a69e3a01cdc1bd3cd5fe8d4de8b5027025a59888ae713b71bf

  • SHA512

    d3298fd9ce701214ff450590ad9a131dcb699025394c2e0769958151e9be77395bf0d68b2451a32041e75b83eedc54d8aa84dfab123577fa9c6d82bf011946eb

  • SSDEEP

    24576:Dr2fMLQ6gSy8Q7BiNL+VElHA1dHdQ0aKMrzws1Ztf3vw:v2EUOQdiNiElHAbdoKUwsVf3vw

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\164d6a636417f34658a3cff67ad526f3.exe
    "C:\Users\Admin\AppData\Local\Temp\164d6a636417f34658a3cff67ad526f3.exe"
    1⤵
    • Checks computer location settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3500
    • C:\Users\Public\Documents\{8C1A49E6-2F7F-40E3-923F-5DE549CAF021}\starter.exe
      "C:\Users\Public\Documents\{8C1A49E6-2F7F-40E3-923F-5DE549CAF021}\starter.exe" boAPg04Yheavj8SmXRBU 962
      2⤵
      • Executes dropped EXE
      PID:4356
    • C:\Users\Public\Documents\{8C1A49E6-2F7F-40E3-923F-5DE549CAF021}\ArcadeYum.exe
      "C:\Users\Public\Documents\{8C1A49E6-2F7F-40E3-923F-5DE549CAF021}\ArcadeYum.exe" IC9UaWNrZXQ9Ym9BUGcwNFloZWF2ajhTbVhSQlUgL0J1bmRsZXM9MTYzfDE0NXwxMzR8MTYyIC9PYmVyb249MCAvQnJvd3Nlcj0zIC9BZExvYz05NjIgL3RwZD1odHRwOi8vZDEuYXJjYWRleXVtLmNvbS9hai9idW5kbGUvOTYyLz9wPU9UWXdNalE0TURjNU1YamNkenpXbTJHNUlITk9GaHo1TWd3bnpubnp5aHZ6UmRFTFFvbiUyQiUyQjJ6OWZPV00wTiUyRnpCdk00R3g5bXpTcUVVY0JzcG5aMnMlMkI0WiUyQmhZTGNTN1dhWlklM0QgL29wdGltaXplR0M9MCAvdXNlck5hbWU9QWRtaW4gL3VzZXJTSUQ9Uy0xLTUtMjEtMzMzNjMwNDIyMy0yOTc4NzQwNjg4LTM2NDUxOTQ0MTAtMTAwMAo=
      2⤵
      • Executes dropped EXE
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1996

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Public\Documents\{8C1A49E6-2F7F-40E3-923F-5DE549CAF021}\ArcadeYum.exe
    Filesize

    92KB

    MD5

    c1ac43638dd3ec0e785e955e9917be10

    SHA1

    3f9868afb6ae139ccad5671e57f528cd5a2be366

    SHA256

    63273107837c247ecf34d28e9fcd63c03d192e7b0fd15f26395a23b8f3b00e15

    SHA512

    b4b3871c7d2e569d89bb8f47de49a9b4be35ed7f5137f01108818fc83ecd9e6b9daa78a6aab04e953cf7d29cddbad0623838e52eb346051888794dc3dd7ed440

    Download Submit

  • C:\Users\Public\Documents\{8C1A49E6-2F7F-40E3-923F-5DE549CAF021}\ArcadeYum.exe
    Filesize

    883KB

    MD5

    1df9cb2785075f2738d8bdb876831731

    SHA1

    4a3048ba67f8b2529846e51cd0e7793f63f20ae3

    SHA256

    8459860387ea51a7d83e817f72d46f4eeaade8ec4414c89843676dc29d4496d9

    SHA512

    9209c7aac280b00905432be6d1f592c8fa99b6bbbc112297a0273d761d5c75d90e836bb66823181cf563df645b34e022f755e865f5d07b5588e1688d8476d330

    Download Submit

  • C:\Users\Public\Documents\{8C1A49E6-2F7F-40E3-923F-5DE549CAF021}\ArcadeYum.exe.config
    Filesize

    231B

    MD5

    ae437dea18c61477cc2f17f46fb11d01

    SHA1

    94afba8148c6072ad60c6899ed717005681e9da5

    SHA256

    d8966d4c96ba3c910f86c44d6d7b6c298cc70cc3c5c61bb975861eed846b0754

    SHA512

    61ad33f07fbb65863f1eb02a14230c38766fbb5e1fe4263433ecd32375249e7af71e49f054e5f919884f5250dccf95fb6791ceeadf3c2d4cb468ba5af3e8902b

    Download Submit

  • C:\Users\Public\Documents\{8C1A49E6-2F7F-40E3-923F-5DE549CAF021}\config.cfg
    Filesize

    74B

    MD5

    804c977f832e531755b22cd3ffba4e1a

    SHA1

    837a84db1a9032cd85d35a4e6ae8b8e4b138bc6b

    SHA256

    1391e7376eff4b7a8a01e163c1b36335b9faca356dc1c62c5defaacc2e044c7d

    SHA512

    f244b3854f702a180da17176d4d8d1308a48734229e5ae4a1edd45cbd723b7c5301a9c8318e218b0e8becde38381ad641915a87ad171f9817bc29940e18d2222

    Download Submit

  • C:\Users\Public\Documents\{8C1A49E6-2F7F-40E3-923F-5DE549CAF021}\starter.exe
    Filesize

    149KB

    MD5

    e82c1804533f9321af31fc44fdc138aa

    SHA1

    ed2dccd7116304d04d075bf91c0f79252bed6aa4

    SHA256

    a0f95644570a23fbc8482756eb85b92c34a77927ee66551cc0db37b8d7e181ee

    SHA512

    994c32676f7a8c14c7121199573db25fd906200c3f1869fb60615db63f60c9b653844ae43ae7e6e77d2dcf725491ad9691a9f6beeddec5fd8c517cf37d874477

    Download Submit

  • C:\Users\Public\Documents\{8C1A49E6-2F7F-40E3-923F-5DE549CAF021}\starter.exe
    Filesize

    1007KB

    MD5

    a0865a8429851042ede865187a5d6eeb

    SHA1

    1a71a4301d305a1cdacfd4c18acd6a057bd4cf44

    SHA256

    ebb4713a230340735681433fc87be0e46ab2db19ef395276a573086e45a631c2

    SHA512

    e20e286ca064ef84ac2f18450894c46d162af00c263b25a19f1d685769e1780a48961faf1397ff819bca2f2880759f7a7e86dc3d5b080b91e8afe164409bda42

    Download Submit

  • memory/1996-20-0x0000000005AD0000-0x0000000006074000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/1996-18-0x0000000073A10000-0x00000000741C0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1996-19-0x00000000009C0000-0x0000000000AA2000-memory.dmp

    Filesize

    904KB

    Download

  • memory/1996-21-0x0000000005520000-0x00000000055B2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1996-22-0x0000000005770000-0x0000000005780000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1996-23-0x00000000054A0000-0x00000000054AA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1996-25-0x0000000005770000-0x0000000005780000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1996-27-0x0000000073A10000-0x00000000741C0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1996-28-0x0000000005770000-0x0000000005780000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1996-29-0x0000000005770000-0x0000000005780000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1996-30-0x0000000005770000-0x0000000005780000-memory.dmp

    Filesize

    64KB

    Download