Analysis
max time kernel: 133s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24/01/2024, 02:43
Static task: static1
Behavioral task: behavioral1
  Sample: 774d2de5a283b80065f2907c16a3ec02.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 774d2de5a283b80065f2907c16a3ec02.exe
  Resource: win10v2004-20231222-en
General
Target: 774d2de5a283b80065f2907c16a3ec02.exe
Size: 604KB
MD5: 774d2de5a283b80065f2907c16a3ec02
SHA1: 8b65ee77f337f0967774f12729d2630c7031b564
SHA256: c79a698dbdd0e68ccaf999f3cf8cc3514e05ce5010619722ac6fe12741e8e869
SHA512: d9818e426e455b0150251eadfc97d0fb1a462a6d01c3718616bdab47702e5a347b440c210f0d3d7183abb573a8855354f3893bb9006bcb924ea4392c44d8aaba
SSDEEP: 6144:Q+M2cnUTJ1Zwv80utvvq81vggUNqulq+p/VQUQfuT3QnxzBlw91wZOiRPPN8xrzG:Q+M2cnwZV0utvvqpqulq+TZyzjPVUFKD
Malware Config
Signatures

Checks computer location settings (2 TTPs, 1 IoC)
Looks up the country code configured in the registry, likely a geofence check.
  description: Key value queried
  ioc: \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation
  Process: 774d2de5a283b80065f2907c16a3ec02.exe

Executes dropped EXE (1 IoC)
  pid: 5060
  Process: RT240124.exe

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Suspicious use of SetWindowsHookEx (3 IoCs)
  pid 4712, Process 774d2de5a283b80065f2907c16a3ec02.exe
  pid 5060, Process RT240124.exe
  pid 5060, Process RT240124.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 4712 wrote to memory of 5060; pid 4712; Process 774d2de5a283b80065f2907c16a3ec02.exe; procid_target 88
  description: PID 4712 wrote to memory of 5060; pid 4712; Process 774d2de5a283b80065f2907c16a3ec02.exe; procid_target 88
  description: PID 4712 wrote to memory of 5060; pid 4712; Process 774d2de5a283b80065f2907c16a3ec02.exe; procid_target 88
Processes

1. C:\Users\Admin\AppData\Local\Temp\774d2de5a283b80065f2907c16a3ec02.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\774d2de5a283b80065f2907c16a3ec02.exe"
   PID: 4712
   - Checks computer location settings
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\RT240124.exe (child of PID 4712)
      Command line: "C:\Users\Admin\AppData\Local\Temp\RT240124.exe" /Restore "C:\Users\Admin\AppData\Local\Temp\774d2de5a283b80065f2907c16a3ec02"
      PID: 5060
      - Executes dropped EXE
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 604KB
MD5: 774d2de5a283b80065f2907c16a3ec02
SHA1: 8b65ee77f337f0967774f12729d2630c7031b564
SHA256: c79a698dbdd0e68ccaf999f3cf8cc3514e05ce5010619722ac6fe12741e8e869
SHA512: d9818e426e455b0150251eadfc97d0fb1a462a6d01c3718616bdab47702e5a347b440c210f0d3d7183abb573a8855354f3893bb9006bcb924ea4392c44d8aaba