Analysis
max time kernel: 147s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01/01/2024, 11:47
Static task: static1
Behavioral task: behavioral1
  Sample: 3cc606fe81fc547459587cc217b3ea6c.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 3cc606fe81fc547459587cc217b3ea6c.exe
  Resource: win10v2004-20231222-en
General
Target: 3cc606fe81fc547459587cc217b3ea6c.exe
Size: 388KB
MD5: 3cc606fe81fc547459587cc217b3ea6c
SHA1: d631f8b6349bcd96ad179d5ef1eb106659623e5e
SHA256: 2064f93a1a6177c68c6d2c50c8fdaf26d1b3b62650aca9bc20bad8121d55367f
SHA512: 634868c0abb9ff1dcce2f8c96651da11fd29dfa4a8c170601e4ef048f55f9614d54ec979b18c535b9d3b51479fdc4a87c8b47a64d57d132fe6b942685b9c0104
SSDEEP: 6144:KQ3/9nM3DoFFjuvf/toNQ8dqLuJoU0U7Hd8CntQOHHM+HFFTjXdpNnT2wdQ3/nQd:X9nM3D0Fw/tN8dkmLtpHHHrh7kC1
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 2080, process Au_.exe
- Loads dropped DLL (3 IoCs)
  pid 2080, process Au_.exe
  pid 2080, process Au_.exe
  pid 2080, process Au_.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- NSIS installer (2 IoCs)
  resource behavioral2/files/0x0007000000023210-4.dat, yara_rule nsis_installer_1
  resource behavioral2/files/0x0007000000023210-4.dat, yara_rule nsis_installer_2
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 1556 wrote to memory of 2080; pid 1556; process 3cc606fe81fc547459587cc217b3ea6c.exe; procid_target 22
  description: PID 1556 wrote to memory of 2080; pid 1556; process 3cc606fe81fc547459587cc217b3ea6c.exe; procid_target 22
  description: PID 1556 wrote to memory of 2080; pid 1556; process 3cc606fe81fc547459587cc217b3ea6c.exe; procid_target 22
Processes
- C:\Users\Admin\AppData\Local\Temp\3cc606fe81fc547459587cc217b3ea6c.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\3cc606fe81fc547459587cc217b3ea6c.exe"
  PID: 1556
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
    PID: 2080
    - Executes dropped EXE
    - Loads dropped DLL
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 92KB
  MD5: e775b197c0996677091f88a7551b7b47
  SHA1: 65fdff087fd913f92c6b23065d18cece3a3adecb
  SHA256: 7946a84269798e1a14a7e8b189b7106b05e944a116d2069e5a3b26fc904db3e9
  SHA512: f2168916e65f5532ac2a2f0af01d8d4c956f7262741aa14822bf14fd8da8cc4072738dbe2cbd3db08bcb995024dcadd1612b5c850e9f48c64f9d29dec23f06f5