Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 151s
- max time network: 147s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 18/01/2024, 03:32
Static task: static1
Behavioral task: behavioral1
- Sample: 645ba00dec0fa5c41d8037fe949e9e7e.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 645ba00dec0fa5c41d8037fe949e9e7e.exe
- Resource: win10v2004-20231215-en
General
- Target: 645ba00dec0fa5c41d8037fe949e9e7e.exe
- Size: 1.2MB
- MD5: 645ba00dec0fa5c41d8037fe949e9e7e
- SHA1: 34c45cf4d6155045ff5119d53967cb3e88043495
- SHA256: 5b8f1e1b9c475e7d6b1683de78306a3c11be7f96af1716ab5684414bfeefe195
- SHA512: c1775adfdd2b5bd59ad0cbb66b51067c332f85e49bb164df36371fe261b13400a8db92a9ca35bafaad4a45d282fa00035a04a0847d3f3964da987995fe89a278
- SSDEEP: 24576:82UFtkhzcInc8Ipyzw3H20lL25G8/UTryECpwAPnuo+y7Ka+LIZ+F/:82kkCIncXEzuFpQGcUTrBaIM7KyQZ
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid | Process
  2084 | 645ba00dec0fa5c41d8037fe949e9e7e.tmp
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 4124 wrote to memory of 2084 | 4124 | 645ba00dec0fa5c41d8037fe949e9e7e.exe | 89
  PID 4124 wrote to memory of 2084 | 4124 | 645ba00dec0fa5c41d8037fe949e9e7e.exe | 89
  PID 4124 wrote to memory of 2084 | 4124 | 645ba00dec0fa5c41d8037fe949e9e7e.exe | 89
Processes
1. C:\Users\Admin\AppData\Local\Temp\645ba00dec0fa5c41d8037fe949e9e7e.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\645ba00dec0fa5c41d8037fe949e9e7e.exe"
   - Suspicious use of WriteProcessMemory
   PID: 4124
   2. C:\Users\Admin\AppData\Local\Temp\is-31NQC.tmp\645ba00dec0fa5c41d8037fe949e9e7e.tmp
      Command line: "C:\Users\Admin\AppData\Local\Temp\is-31NQC.tmp\645ba00dec0fa5c41d8037fe949e9e7e.tmp" /SL5="$601DE,1016276,54784,C:\Users\Admin\AppData\Local\Temp\645ba00dec0fa5c41d8037fe949e9e7e.exe"
      - Executes dropped EXE
      PID: 2084
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 670KB
- MD5: 516247fd8f1c4a85d33c7aaeb3c0cee4
- SHA1: 86495cd2ee413a7eeb45221f582a28a8cc8435b1
- SHA256: 44d61039358e3f53da33a672f88a6fcdc3fada2e8a11a442f84ce18e6cc0ac06
- SHA512: 5fe9cb6c263b902291a3b4cbc30884d8c1a56b900b67778d698fad231e75137f71a9ee0ce3b01caa3b25a23a251b2104213645f2e6015e72ec3833aa25d1e27a