Analysis
- max time kernel: 129s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24/01/2024, 01:18
Static task: static1
Behavioral task: behavioral1
- Sample: 710ef31527a7b35eba1edf43d8ee4a1f.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 710ef31527a7b35eba1edf43d8ee4a1f.exe
- Resource: win10v2004-20231215-en
General
- Target: 710ef31527a7b35eba1edf43d8ee4a1f.exe
- Size: 113KB
- MD5: 710ef31527a7b35eba1edf43d8ee4a1f
- SHA1: 4e1df07d81b6f5b8c7b929639d6a1c90dcdb9895
- SHA256: 1450707f9fa1c4209c2b50a0d11d4d669bd2a8ec75da17b1550a44e0f892745d
- SHA512: 0bd0a3159cfe796aab30ecaf622381c7cdc4fbccb649dde90cbac983f09f1280bb108102e94d996023eedd3a70a0c74c6178b003664f1ca0ac99fcdc9164cbdb
- SSDEEP: 3072:vhTDRkQ6E50IsXz0b+45p3fwoYGX2Jt1b3Mk5LL604FIb:vhTDRkQ6E50fD0b+4vvyGX2JHb8k5LLD
Malware Config
Signatures
- Checks computer location settings (2 TTPs, 1 IoC)
  Looks up country code configured in the registry, likely geofence.
  Key value queried: \REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\Control Panel\International\Geo\Nation (process: 710ef31527a7b35eba1edf43d8ee4a1f.exe)
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Enumerates system info in registry (2 TTPs, 1 IoC)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier (process: 710ef31527a7b35eba1edf43d8ee4a1f.exe)
- Suspicious use of WriteProcessMemory (3 IoCs)
  PID 788 wrote to memory of 4440 (process: 710ef31527a7b35eba1edf43d8ee4a1f.exe, procid_target: 88)
  PID 788 wrote to memory of 4440 (process: 710ef31527a7b35eba1edf43d8ee4a1f.exe, procid_target: 88)
  PID 788 wrote to memory of 4440 (process: 710ef31527a7b35eba1edf43d8ee4a1f.exe, procid_target: 88)
Processes
1. C:\Users\Admin\AppData\Local\Temp\710ef31527a7b35eba1edf43d8ee4a1f.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\710ef31527a7b35eba1edf43d8ee4a1f.exe"
   PID: 788
   - Checks computer location settings
   - Enumerates system info in registry
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\cmd.exe
      Command line: "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Hxb..bat" > nul 2> nul
      PID: 4440
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 210B
- MD5: be56bf46288e81f6e8149a84f956992d
- SHA1: dd584cccc953f3f583e16cd757ae0ea260a3c0e1
- SHA256: 6996a1185fc011bae99b5932e23d1c03870acfa13add0032d739ab6e43fd2b7b
- SHA512: b27aa4f5deb59bb83cf02abd58558929931002bb8d0b1a441ad9db9b7c6f81b8708c0ac4b373ab2c9461877135661cca75a2568598e1e51b68ad192fd2ced6bd