Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
142s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
25/01/2024, 01:52
General
-
Target
736cafa831b40e66fe1c41a5db6e5926.exe
-
Size
1.1MB
-
MD5
736cafa831b40e66fe1c41a5db6e5926
-
SHA1
edfdbbacd95b4353f7dd9f7e73f04f400954bc98
-
SHA256
f87dc94bb2343d1693a87c773f53a793f5a8b5f589cd9048a6533c8db8e41abe
-
SHA512
b34185f31444243fdf38206d72d27f5254dd43a13147f73ef7b4da1ab698f8a894cf0954d3319c37dab55034a35ee9fb573712ba2f610c24a1a02e19035f89d2
-
SSDEEP
24576:VMKso1KxHzTDfGOH4T48mAymAyMhCn8BezIN6fkXcyPF+u9QzGR0nalY7e5cPytM:VMKsEizT7cT48mnmlMhCn8BezIN6fkXz
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\736cafa831b40e66fe1c41a5db6e5926.exe"C:\Users\Admin\AppData\Local\Temp\736cafa831b40e66fe1c41a5db6e5926.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\~sfx001FA9A326\In-Cyber.com.exe"C:\Users\Admin\AppData\Local\Temp\~sfx001FA9A326\In-Cyber.com.exe"2⤵
- Executes dropped EXE
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
9KB
MD57050d5ae8acfbe560fa11073fef8185d
SHA15bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b
-
Filesize
48KB
MD567d1e153ac4b4eef355c8ef653b8a972
SHA15b1c7b72ad0531bfe2df24b9987f778381de450a
SHA25668bf6675a9c2669fdf1d4f82de364197f2534e8f0673c46f71447f0ccd7bb8cd
SHA512869cbba2d94b16cb13adcf0ec100451d183ac785d30ac55929ba147d9eb12342d494b058e656b5048038d2719d92a30aef4075ea42b12460022f791a8ed4f423
-
Filesize
654KB
MD518b154408485068cb920bb4ea1b64d72
SHA158ad3ce31b4b0416d2cf108c576d67776db35ba7
SHA2560ed22c66d4d02b8c4c97924de0c7491c89729aa15987f1c22bae68888df6674d
SHA512ee82208e018f94f39e926f74a15119eb0823bb3dd983e7e152fcab302a8a1c427a0d4b6fd73c411b4891d33c1eb3dd0e11d720c7b69ff83f1fa4833dc1b1cffa
-
Filesize
268KB
MD52722ef18cea318904b47011fa1066cba
SHA13c4a74eadeb9b7f3b3810e8bbe9372974b16b4de
SHA256327dd2fa418229de9fa3b2d05cba24c68566d8239967859634f0acba116265b6
SHA512bc2b9a2f76f7491d8964f400e6a526074460a17eec5ffeb3b7c8931773b0fae45ab9713478285da4e63f08e21c24487fe89ae6b528437b617bfa99cf4c9814e0
-
Filesize
1.1MB
-
Filesize
280KB
-
Filesize
64KB
-
Filesize
32KB
-
Filesize
9.6MB
-
Filesize
4.8MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
624KB
-
Filesize
9.6MB
-
Filesize
304KB
-
Filesize
64KB
-
Filesize
392KB
-
Filesize
664KB
-
Filesize
9.6MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB