Analysis
max time kernel: 147s
max time network: 113s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01/01/2024, 02:59
Static task: static1
Behavioral task: behavioral1
  Sample: 3bb64eba8440f3225d2cfd833402cb30.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 3bb64eba8440f3225d2cfd833402cb30.exe
  Resource: win10v2004-20231215-en
General
Target: 3bb64eba8440f3225d2cfd833402cb30.exe
Size: 291KB
MD5: 3bb64eba8440f3225d2cfd833402cb30
SHA1: 72d1b353926807ce0eb0522c191dd7c60cc2bd81
SHA256: 8aeff21be87edb12c6d81caf8b905f4bc3164984973e265baee52d513d780748
SHA512: 4b69b7a36ed6a600245e25e53f8617fe7a38d3363b462dcf7a7c1b66d006a50bcf95df16b9502d135b7068979f7650b81e72f819a1d74f1376247d2761a0da3b
SSDEEP: 6144:JGK94QZVcjSIXT6JRoar658ZI7arNhReT3MLV+TJQ:4K95Vcjbr5SlrNhReTy3
Malware Config
Signatures

Executes dropped EXE (1 IoC)
  pid   Process
  3712  svchost.exe

Adds Run key to start application (2 TTPs, 1 IoC)
  description      ioc                                                                                                                          Process
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SystemHost = "C:\\Windows\\Temp\\svchost.exe"  3bb64eba8440f3225d2cfd833402cb30.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid   Process
  3712  svchost.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process                               procid_target
  PID 1012 wrote to memory of 3712   1012  3bb64eba8440f3225d2cfd833402cb30.exe  19
  PID 1012 wrote to memory of 3712   1012  3bb64eba8440f3225d2cfd833402cb30.exe  19
  PID 1012 wrote to memory of 3712   1012  3bb64eba8440f3225d2cfd833402cb30.exe  19
Processes

C:\Users\Admin\AppData\Local\Temp\3bb64eba8440f3225d2cfd833402cb30.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\3bb64eba8440f3225d2cfd833402cb30.exe"
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID: 1012

  C:\Windows\Temp\svchost.exe (child of PID 1012)
    Command line: C:\Windows\Temp\svchost.exe
    - Executes dropped EXE
    - Suspicious behavior: GetForegroundWindowSpam
    PID: 3712
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 32KB
MD5: 5913bb9a5d17d706a9b492af46fdf823
SHA1: 215d3d468ff8fe9fa0653b7177f7a49ec500907b
SHA256: 6780c920d29a086f525c891d78177c48bb847a93dbea65e618a9c7ada9e7a302
SHA512: 43c3f6b050bd3ecc334022aef400e2884711f705b6c00e445f5aa2056e2493cca2ec7cefbe99dfc2ddf56ea56c419604c31bb233bde324f1b452eae7b9a43482

Filesize: 10KB
MD5: 20906082b9814d728c6257accf2f033d
SHA1: fd5e23b1cb6fe49e3194e0eb8419a4a441ea95e1
SHA256: 2cd808c964b907656242ebd301990fe28132b07102385906638299ddaa6f7029
SHA512: 70fdf3a35061ba45b5410f02564f301ed4ef8b2abca21a2ecce4514d5cd4f89838c0dc714fc59de5d3515560de907913dfe0ad1e764f22d895dd00e8baa28ec8