Analysis
- max time kernel: 150s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11/01/2024, 10:45
Static task: static1
Behavioral task: behavioral1
- Sample: 534e8e291a09631ec0e63d1e93c2895c.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 534e8e291a09631ec0e63d1e93c2895c.exe
- Resource: win10v2004-20231215-en
General
- Target: 534e8e291a09631ec0e63d1e93c2895c.exe
- Size: 643KB
- MD5: 534e8e291a09631ec0e63d1e93c2895c
- SHA1: 79370058402f59160174975de94a1ae180c9a4cf
- SHA256: 302d6f18cd340b57755c0e80172cbf57db70d9b3c26a76bd24b2016b61bba45f
- SHA512: 9170a4fd9a20f229a80c48d8b3f82148c71daaf58b4638ad906ad6ea8382f0b775d2d1219e7a3fdb98c55bbf57baa77f40f3a43cd2bf1a99a03a954de50cddf1
- SSDEEP: 12288:u9pSdKrT3wBDe5394bxzJH3nCL7eZmePFF3Z4mxxNDqVTVOC3:uK4rsRWUzcLCIedQmXMVTz3
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 5060, Process Iowrminedzard.exe
- Loads dropped DLL (2 IoCs)
  pid 5060, Process Iowrminedzard.exe
  pid 5060, Process Iowrminedzard.exe
- Drops file in Program Files directory (4 IoCs)
  File created: C:\Program Files (x86)\Internet Explorer\Connection Wizard\Iowrminedzard.dll (Process: Iowrminedzard.exe)
  File opened for modification: C:\Program Files (x86)\Internet Explorer\Connection Wizard\Iowrminedzard.dll (Process: Iowrminedzard.exe)
  File created: C:\Program Files (x86)\Internet Explorer\Connection Wizard\Iowrminedzard.exe (Process: 534e8e291a09631ec0e63d1e93c2895c.exe)
  File opened for modification: C:\Program Files (x86)\Internet Explorer\Connection Wizard\Iowrminedzard.exe (Process: 534e8e291a09631ec0e63d1e93c2895c.exe)
- Program crash (2 IoCs)
  pid 1820, pid_target 3620, Process WerFault.exe, procid_target 16
  pid 3952, pid_target 5060, Process WerFault.exe, procid_target 27
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Token: SeDebugPrivilege, pid 5060, Process Iowrminedzard.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid 5060, Process Iowrminedzard.exe
  pid 5060, Process Iowrminedzard.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\534e8e291a09631ec0e63d1e93c2895c.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\534e8e291a09631ec0e63d1e93c2895c.exe"
  PID: 3620
  Signatures: Drops file in Program Files directory
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 324
    PID: 1820
    Signatures: Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3620 -ip 3620
  PID: 3976
- C:\Program Files (x86)\Internet Explorer\Connection Wizard\Iowrminedzard.exe
  Command line: "C:\Program Files (x86)\Internet Explorer\Connection Wizard\Iowrminedzard.exe"
  PID: 5060
  Signatures: Executes dropped EXE; Loads dropped DLL; Drops file in Program Files directory; Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 320
    PID: 3952
    Signatures: Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 5060 -ip 5060
  PID: 4028
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 18KB
  MD5: eb6e21b0ae75bd97038a6e43cb5a7826
  SHA1: c05b6d3dc611f7f166fb13644723f33ef871d07d
  SHA256: bf823a3a99d33ef05d68088852ccf8471a3ecb6c46dae6582743ecf69bc20f2d
  SHA512: be0822d449199ae4e622da7a0c1a52c00f86ec71d066124ef6aab53d603a4750006a4a760a5accab7790a34e226c40fd90a6cbb68128c07f90772d5aca3937ac
- Filesize: 18KB
  MD5: 55b8e51bdba66e8f4e1fe2ad7869d8b2
  SHA1: ff7c8783e265c3179930d72221bf0f33d9ba0131
  SHA256: 3f378e6193b3058f79b71b492a9226bfc0fb58510bf3c7e2582541891a662f1e
  SHA512: 1c174adde4a13d4bf2a732edeaf5f507dfd6af64dc6cb76885653ca3deee0c75ffb240bfc2bc8411a02d819f08125ee1043e2889e71e053d177be92552f9161f
- Filesize: 19KB
  MD5: 3f3092e6b4962daefdba07d8a82c7ace
  SHA1: 707256ca7f6622945d24a8ff817314455ddc4689
  SHA256: cdcea891ca9629fb4a4f2be038b740e37469cae1857c63ee866d095e7760e116
  SHA512: cb82d9a414cb86d42ec4cf92033f22979ae187ec10fc34cc6cc2ecd66106851c9c4461337f8f19c8977d0db28df02c1874bcd0293f13ebd432e716ebd32f7cdc
- Filesize: 16KB
  MD5: 01bb54214eb1793a4c4ff01ca2c57f30
  SHA1: 6f5016232f455a3e1e55d6b3fad618ff4cf1a47b
  SHA256: 4827f450908171bbd804636385fcddcbcf5ea3f1c2678f2941001bbb331c0f7a
  SHA512: 791e0f1000de6762a051cad49db4330131a34344fcdd38586dca9fa4188e3eddf878f68df4b2aacd345c3cfd36b983f8fc3b79d4aba295d1af9f4af5424309ae
- Filesize: 61KB
  MD5: 877b66782fcab446479e2e2ba76ffb4b
  SHA1: a7c038ff5968169e7b1f561593a4596dcbeed85e
  SHA256: ebff01df76c5b128483bcac81d1c32092f99015d1fab5bcd3408b6f8c841a845
  SHA512: adae2c5f59829defb7602c6ee6581f4d908e49db6ff49d965abcf7884858ccfc40fd36ec5a47b4e842853a70516ee070d8c2813e4761aa02daa9e2cdd8bbf8ea