Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    147s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/01/2024, 05:52

General

  • Target

    5c4c7f0afaf1039507c8a0c9f3726de4.exe

  • Size

    56KB

  • MD5

    5c4c7f0afaf1039507c8a0c9f3726de4

  • SHA1

    3b08a11efb76aca38679e86afde7881a6eb5a380

  • SHA256

    ff222baa4c7004806035c2d5e08666e1a5e63697454bd46014f7d2e0d7faf18f

  • SHA512

    d932e8880fcc6123c1262307a93834528330faada11a4a7b681773c119fc895b8a3b02a7c9d1a38f3d7f39246ddb7b009204fa6b02bea293673cea3eb59ccde8

  • SSDEEP

    1536:1OPhlosUoAarDX1JJfx3m4axLYNsp42idXe6Q:1OPlfJJ52BRkPQ6Q

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5c4c7f0afaf1039507c8a0c9f3726de4.exe
    "C:\Users\Admin\AppData\Local\Temp\5c4c7f0afaf1039507c8a0c9f3726de4.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:4788
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c copy C:\Users\Admin\AppData\Local\Temp\ife.txt "C:\PROGRA~1\INTERN~1\ieframe.dll" /a
      2⤵
      • Drops file in Program Files directory
      PID:3200

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ife.txt

    Filesize

    396KB

    MD5

    fc9c53c31e0c1e81e92567add52a9b65

    SHA1

    fb1d22852613ce4df9e78750943cc29e4cbe2144

    SHA256

    b878f2a15d2d405df41a6065482e9cf0b0520d50dc81357f76bb5e329882e0de

    SHA512

    29697364ee294b9b062f7725108ff71fa94468aa47b08921c15f01aa310473cd7e5748f6be220d01fd635f783bc042ac5a95b3bb6a3c12c4874c47624b6ffb02

  • C:\Users\Admin\AppData\Local\Temp\nss7FA2.tmp\nsExec.dll

    Filesize

    6KB

    MD5

    e54eb27fb5048964e8d1ec7a1f72334b

    SHA1

    2b76d7aedafd724de96532b00fbc6c7c370e4609

    SHA256

    ff00f5f7b8d6ca6a79aebd08f9625a5579affcd09f3a25fdf728a7942527a824

    SHA512

    c9ddd19484a6218f926295a88f8776aff6c0a98565714290485f9b3b53e7b673724946defed0207064d6ab0b1baa7cb3477952f61dbe22947238d3f5802fa4f4

  • C:\Users\Admin\AppData\Local\Temp\nss7FA2.tmp\time.dll

    Filesize

    10KB

    MD5

    38977533750fe69979b2c2ac801f96e6

    SHA1

    74643c30cda909e649722ed0c7f267903558e92a

    SHA256

    b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

    SHA512

    e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53