Analysis

  • max time kernel
    1s
  • max time network
    7s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30/12/2023, 18:57

General

  • Target

    038a9d178b34111fe57ab57f802d8546.exe

  • Size

    578KB

  • MD5

    038a9d178b34111fe57ab57f802d8546

  • SHA1

    7859ac4a85f6add3cace2e57d30ad0acb33dded2

  • SHA256

    9e0eda25e9cfb2ee8e7f5e11fccc8fa2c86ed5ee8515cfc5ce166f27a9f22e94

  • SHA512

    ff0514487e1e33735ecd0ddadc41617db91668d53800c2cd009863d4c72de3ddc17b0d1156a8c73a344cec90ca2612a98b4f3ac0c770eddc786c21ce905008aa

  • SSDEEP

    6144:rFKTotgQSF9opZ4QdQcPatxoZQi/wCVmWNbbEnoLgsIsQzI5nLn9DWZOx:QUgHF9o/7OQrZQ7smEbFMj7cJnT

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application (2 TTPs, 5 IoCs)
  • Drops file in System32 directory (1 IoC)
  • Drops file in Program Files directory (12 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\038a9d178b34111fe57ab57f802d8546.exe
    "C:\Users\Admin\AppData\Local\Temp\038a9d178b34111fe57ab57f802d8546.exe"
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    PID:2464

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.exe

    Filesize

    597KB

    MD5

    e810e1234194cf1c4948c24758673fa7

    SHA1

    edc04b6be8e767cd1a4d37a6e0adca6f27312539

    SHA256

    b2e8ce4271cdcb6483b38c5ea471c86a6aba9e69f32259c44c4a21bcea87097d

    SHA512

    864c48ae90510c688c300c59648d3ec812f474869c7723f2a8832860bc36c5bec69c6dac1241df293ccb886c5aa1a5e6e06d19d81705f2df488bbef1d7daf7db