Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2c136aa55d...cc.exe

windows7-x64

5

2c136aa55d...cc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 06:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2c136aa55d66577608f8d74d3ff0d1cc.exe

  • Size

    2KB

  • MD5

    2c136aa55d66577608f8d74d3ff0d1cc

  • SHA1

    516ecb3377bebffd5cc6a73b012e8990fdb66be0

  • SHA256

    1e539e4edb08c5fd4a091ca8b96c44e3c3c11034483b9a75d184c5affca68a03

  • SHA512

    efee1ddfd4834d68a70c5bc6bc1a5336420458dd735e7369027758a3347b9fefa2ba37a864536dfba339e46c61d9df961307e819b40fd6f7eae316da20ec20fb

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 25 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\2c136aa55d66577608f8d74d3ff0d1cc.exe
    "C:\Users\Admin\AppData\Local\Temp\2c136aa55d66577608f8d74d3ff0d1cc.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3208
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\c0ldW4ff3lz.bat" "
      2⤵
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:5060
      • C:\Windows\SysWOW64\attrib.exe
        ATTRIB -S -H -R -A C:\Windows\*
        3⤵
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Views/modifies file attributes
        PID:760

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\c0ldW4ff3lz.bat
    Filesize

    144B

    MD5

    ac6dc4ca9cd7dfc654f8994603163ad7

    SHA1

    190b3c2d7268a1526b7cf6c3e9d5a2ac400e151f

    SHA256

    fc94bbf991dfc7e5ece390ec84b0f93b21aeac47667a90d302ee382764cfa820

    SHA512

    0c34191973e299c803be4aa439a56791ba5ad6db7bf17981978167724c133f1016006871d0a4919ca53d61dc6c2dedf625efa94d205a5b4efdae9e254aafde8c

    Download Submit