Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
07/01/2024, 18:26
240107-w3ameabffn 10Analysis
-
max time kernel
186s -
max time network
367s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
07/01/2024, 18:26
General
-
Target
Samples 6/c808c7043bbe6f22fdae5e9ad031db55e2ec385489a53ad3096985e53292244b.exe
-
Size
92KB
-
MD5
e63a11b2e2e6bcfa68011a56ac95bcbb
-
SHA1
3a43758c8f5bf1fd80b44d7dca6adaebd242ce59
-
SHA256
c808c7043bbe6f22fdae5e9ad031db55e2ec385489a53ad3096985e53292244b
-
SHA512
03bdecf2da756f32b7a19ca36cb0b272a15357fd0b1b124268400606aaea9c99e65ed440933c11ccc44a506aba50941f2afcb2fafab75979feb703a8b4e91bb7
-
SSDEEP
1536:f9HMlaocok7dJK4Rm7mUBAMs0q4gF693F7hmE5hOy:f9H75dJKWohBAMs0qC7
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Samples 6\c808c7043bbe6f22fdae5e9ad031db55e2ec385489a53ad3096985e53292244b.exe"C:\Users\Admin\AppData\Local\Temp\Samples 6\c808c7043bbe6f22fdae5e9ad031db55e2ec385489a53ad3096985e53292244b.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\yaxkodila.exeC:\Users\Admin\AppData\Local\Temp\yaxkodila.exe2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92KB
MD560c7652c22ee1456c3d1a0c16fa3686b
SHA13c82843a4ac73b8b0360b73a85eb7ef7721d192b
SHA25689e569854fec453eef950384b8e0829287d2b0ef89b4afd20099ab5277edf179
SHA512e0ced0d86f01d782853ff0d3e4edf9a87c129a040ebc6ed0025b31ab26af7e0236a52674721613928f990ca455f2d2a3448cd05a805852f4c0b5079cbc699d05
-
Filesize
132KB
-
Filesize
132KB
-
Filesize
28KB
-
Filesize
132KB
-
Filesize
132KB