Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
  max time kernel:   3s
  max time network:  92s
  platform:          windows10-2004_x64
  resource:          win10v2004-20231222-en
  resource tags:     arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  submitted:         01/01/2024, 14:01
Behavioral task behavioral1
  Sample:   3d0a59f4bbee5fadba009efc37dad7b2.exe
  Resource: win7-20231129-en

Behavioral task behavioral2
  Sample:   3d0a59f4bbee5fadba009efc37dad7b2.exe
  Resource: win10v2004-20231222-en
General
  Target:  3d0a59f4bbee5fadba009efc37dad7b2.exe
  Size:    418KB
  MD5:     3d0a59f4bbee5fadba009efc37dad7b2
  SHA1:    aa77adef23c4dde848b3c5509ffbd69790167cd5
  SHA256:  ec61b03b4cefe3fd4baa89539133a4763f839d20ffee84062b9b619c89aec4f0
  SHA512:  4a6830d25adbac11d77621f9add0cd96c2711040ba1aaf14352f8fd9b826bfca6820dcf41f881cebe8642ba614f51928d4158209a57d0a02d04f2cd9270e9219
  SSDEEP:  6144:xBXsRBP1ttbZO3l5QYktJKjAjTglZGE6w7ofGSsd97vbQI4FB+:IHPPz+AjUl56wVSsnF4D
Malware Config
Signatures

Executes dropped EXE (1 IoC)
  pid   Process
  2040  Bkiria.exe

YARA rule matches (rule: upx)
  resource                                                                    yara_rule
  behavioral2/memory/4188-0-0x0000000000400000-0x000000000046A000-memory.dmp  upx
  behavioral2/files/0x000a00000002310f-10.dat                                 upx
  behavioral2/files/0x000a00000002310f-9.dat                                  upx

Drops file in Windows directory (4 IoCs)
  description                   ioc                                                          Process
  File opened for modification  C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job  3d0a59f4bbee5fadba009efc37dad7b2.exe
  File created                  C:\Windows\Bkiria.exe                                        3d0a59f4bbee5fadba009efc37dad7b2.exe
  File opened for modification  C:\Windows\Bkiria.exe                                        3d0a59f4bbee5fadba009efc37dad7b2.exe
  File created                  C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job  3d0a59f4bbee5fadba009efc37dad7b2.exe

Program crash (1 IoC)
  pid   pid_target  Process       procid_target
  3232  2040        WerFault.exe  76

Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process                               procid_target
  PID 4188 wrote to memory of 2040  4188  3d0a59f4bbee5fadba009efc37dad7b2.exe  76
  PID 4188 wrote to memory of 2040  4188  3d0a59f4bbee5fadba009efc37dad7b2.exe  76
  PID 4188 wrote to memory of 2040  4188  3d0a59f4bbee5fadba009efc37dad7b2.exe  76
Processes

C:\Users\Admin\AppData\Local\Temp\3d0a59f4bbee5fadba009efc37dad7b2.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\3d0a59f4bbee5fadba009efc37dad7b2.exe"
  PID: 4188
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory

  C:\Windows\Bkiria.exe
    Command line: C:\Windows\Bkiria.exe
    PID: 2040
    - Executes dropped EXE

    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 844
      PID: 3232
      - Program crash

C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2040 -ip 2040
  PID: 1920
Network
MITRE ATT&CK Matrix
Downloads

Download 1
  Filesize: 18KB
  MD5:      2c6a5746432cab5b335a1eda17f780e8
  SHA1:     961aa981b7eb48ec0074bf8e939cc35c7ddd127f
  SHA256:   4ac047a69fd24725fa7c00222825913f29a35109ea79bb162f07b5c637de2e5e
  SHA512:   c772c4508fbb601c9cc8d85b78b133917b3d499f9147d46928c73c2f55fe02909dbcb4be8b221d12b58bd48c05d8e865bb0d97181e6a6ddc8b770497dd74216d

Download 2
  Filesize: 5KB
  MD5:      70f281e23472d910a75df27ad2960404
  SHA1:     b221c4467d7c61bff6ecd304995da884ce15b1b4
  SHA256:   23b1cdd0c4632763dd6e3be7ba3524f95503a6659e8dbc9fbb0b2fe38e1233e0
  SHA512:   5b6a7123f3deda91c5f6769e1cdcbeaac70527fc5c31c8738d262c45d990e9ed93da80adcd2b0b077eec0b179fb1ff5eacf1d26bdc2ece50c8b8ad015ef6b7e6