Analysis
- max time kernel: 147s
- max time network: 158s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15/01/2024, 05:52
Static task: static1
Behavioral task: behavioral1
- Sample: 5c4c7f0afaf1039507c8a0c9f3726de4.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 5c4c7f0afaf1039507c8a0c9f3726de4.exe
- Resource: win10v2004-20231215-en
General
- Target: 5c4c7f0afaf1039507c8a0c9f3726de4.exe
- Size: 56KB
- MD5: 5c4c7f0afaf1039507c8a0c9f3726de4
- SHA1: 3b08a11efb76aca38679e86afde7881a6eb5a380
- SHA256: ff222baa4c7004806035c2d5e08666e1a5e63697454bd46014f7d2e0d7faf18f
- SHA512: d932e8880fcc6123c1262307a93834528330faada11a4a7b681773c119fc895b8a3b02a7c9d1a38f3d7f39246ddb7b009204fa6b02bea293673cea3eb59ccde8
- SSDEEP: 1536:1OPhlosUoAarDX1JJfx3m4axLYNsp42idXe6Q:1OPlfJJ52BRkPQ6Q
Malware Config
Signatures
- Loads dropped DLL (2 IoCs)
  pid | Process
  4788 | 5c4c7f0afaf1039507c8a0c9f3726de4.exe
  4788 | 5c4c7f0afaf1039507c8a0c9f3726de4.exe
- Drops file in Program Files directory (2 IoCs)
  description | ioc | Process
  File created | C:\PROGRA~1\INTERN~1\ieframe.dll | cmd.exe
  File opened for modification | C:\PROGRA~1\INTERN~1\ieframe.dll | cmd.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 4788 wrote to memory of 3200 | 4788 | 5c4c7f0afaf1039507c8a0c9f3726de4.exe | 85
  PID 4788 wrote to memory of 3200 | 4788 | 5c4c7f0afaf1039507c8a0c9f3726de4.exe | 85
  PID 4788 wrote to memory of 3200 | 4788 | 5c4c7f0afaf1039507c8a0c9f3726de4.exe | 85
Processes
- C:\Users\Admin\AppData\Local\Temp\5c4c7f0afaf1039507c8a0c9f3726de4.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\5c4c7f0afaf1039507c8a0c9f3726de4.exe"
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID: 4788
  - C:\Windows\SysWOW64\cmd.exe (depth 2, child of PID 4788)
    Command line: cmd.exe /c copy C:\Users\Admin\AppData\Local\Temp\ife.txt "C:\PROGRA~1\INTERN~1\ieframe.dll" /a
    - Drops file in Program Files directory
    PID: 3200
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 396KB
  MD5: fc9c53c31e0c1e81e92567add52a9b65
  SHA1: fb1d22852613ce4df9e78750943cc29e4cbe2144
  SHA256: b878f2a15d2d405df41a6065482e9cf0b0520d50dc81357f76bb5e329882e0de
  SHA512: 29697364ee294b9b062f7725108ff71fa94468aa47b08921c15f01aa310473cd7e5748f6be220d01fd635f783bc042ac5a95b3bb6a3c12c4874c47624b6ffb02
- Filesize: 6KB
  MD5: e54eb27fb5048964e8d1ec7a1f72334b
  SHA1: 2b76d7aedafd724de96532b00fbc6c7c370e4609
  SHA256: ff00f5f7b8d6ca6a79aebd08f9625a5579affcd09f3a25fdf728a7942527a824
  SHA512: c9ddd19484a6218f926295a88f8776aff6c0a98565714290485f9b3b53e7b673724946defed0207064d6ab0b1baa7cb3477952f61dbe22947238d3f5802fa4f4
- Filesize: 10KB
  MD5: 38977533750fe69979b2c2ac801f96e6
  SHA1: 74643c30cda909e649722ed0c7f267903558e92a
  SHA256: b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35
  SHA512: e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53