Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
142s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
15/01/2024, 02:43
General
-
Target
5bed002693c8d51253162b847dcb52b9.exe
-
Size
860KB
-
MD5
5bed002693c8d51253162b847dcb52b9
-
SHA1
54a4b4a01858d13722c1813cd146c92936bde327
-
SHA256
863aa5c5903b8a6c48e38b91a5047a069dfa0121b232b55ae53565580a27e93d
-
SHA512
0420fc446fc72451ed180a9afc7d58c43f71d1667c7c1607c220500d0035f23a1f36d38e5c46573e6c2e3cb841fb419a003994a84ba6d60cba6afc7372b18eea
-
SSDEEP
24576:b1VUfLibdQTQzbQNxAdBbklQzqPE+k/SSsmwD7:BeTi6svQN6T4VEXKShQ7
Malware Config
Signatures
-
Creates new service(s) 1 TTPs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 3 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in System32 directory 4 IoCs
-
Launches sc.exe 2 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5bed002693c8d51253162b847dcb52b9.exe"C:\Users\Admin\AppData\Local\Temp\5bed002693c8d51253162b847dcb52b9.exe"1⤵
- Checks computer location settings
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\sc.exe"C:\Windows\System32\sc.exe" create ccfgnt32 type= share start= auto DisplayName= "Internet Configuration Library" group= "Event Log" binPath= "rundll32.exe C:\Windows\system32\ccfgnt32.dll,igib"2⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exe"C:\Windows\System32\sc.exe" description ccfgnt32 "Internet Configuration Library"2⤵
- Launches sc.exe
-
-
C:\Users\Admin\AppData\Local\Temp\4fe41b4a.exe"C:\Users\Admin\AppData\Local\Temp\4fe41b4a.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
150KB
MD5fdc81d7277b6f244a6a6d045b1f9ed89
SHA1e929fbae6b877af7fe1b9bb3c54cc72dbd6409fe
SHA256e9cd4ec87d2bf18e43f88b95138714bf964cbf8b012f06a797be49311ef1c5ef
SHA5125e3f6c53b44ba0a6dfc88471479ea2c44a19fc55490d9a6f95c426953869ba8861d87c66d399b1f68a985c403b645d3880303e8e99e10f0920c277138b75f41c
-
Filesize
795KB
MD5f0dee2a8a9730ae0ed70aa5d0d1bbd74
SHA11905a834598459a0f88d12fdfd6a1d893c43449b
SHA2568cc5e834e7ff983f9312826611435a2d80f7703bc208402c4f62954c270ae692
SHA5125673b16ae28dc0f53cb47ce675bf51ce9bff12e8503f33274cd20145a9487b271cc8975fa7bd63b443a4cd1436693d5976546efa0329b927e3fbf8155584ec29
-
Filesize
157KB
MD5fbd929bfc7b4a9e4fa4506655bab4c4a
SHA1b4df84de80729a04ed90dc976a3e730a568f24f8
SHA256adf8dea5d36b58cf621e2bb0c4549f94e0919308dd7cc1215d942417c45e54a4
SHA512b310e79848dc2a3c6a4524e0b120e2e3dd73ecb6852c65a9eec368045f7bab0b141210726476dd3cb0c1d9008e1f34149f35c03a0156a9eef7d4a7fbc61ea1b4
-
Filesize
30KB
MD53df61e5730883b2d338addd7acbe4bc4
SHA103166e6230231e7e3583cf9c8944f4967aa1bf1b
SHA2562efe9a54c8eb878711d9b6cd18f276838645aff52fe69d8a864376cb258ec616
SHA51236e9d705d22dad3d952b4da578a990f2b63ec2f9fbf2734efdaea9ecbd4f07a8d7232792eb5bdd81c553354d51334993cb6103c377f3483a680eac9e41cd2087
-
Filesize
24KB
-
Filesize
24KB