Analysis
-
max time kernel
142s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
19/02/2024, 02:33
Static task
static1
Behavioral task
behavioral1
Sample
628c3e0bc91a322277d1bc6c46f8066a.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
628c3e0bc91a322277d1bc6c46f8066a.exe
Resource
win10v2004-20231215-en
General
-
Target
628c3e0bc91a322277d1bc6c46f8066a.exe
-
Size
36KB
-
MD5
628c3e0bc91a322277d1bc6c46f8066a
-
SHA1
233aedd0e38193ca8192e9f9215d9b55992bf13d
-
SHA256
f9d00500a332ca3da28d064fba3f76635d815286ba25cc28a7dfb56566d0904b
-
SHA512
4cc3dc45c9bcbb277755083a1af18913689d28e3af7d2e75f1654968c1495c2da8ac2a30657d0eb0897891131ab44e668059f997237f91874e4b3085a6a54d50
-
SSDEEP
768:bxNQIE0eBhkL2Fo1CCwgfjOg1tsJ6zeen7JE5Q:bxNrC7kYo1Fxf3s065Q
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process
Key value queried \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Control Panel\International\Geo\Nation 628c3e0bc91a322277d1bc6c46f8066a.exe
-
Executes dropped EXE 1 IoCs
pid Process
1392 pissa.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target
PID 3672 wrote to memory of 1392 3672 628c3e0bc91a322277d1bc6c46f8066a.exe 84
PID 3672 wrote to memory of 1392 3672 628c3e0bc91a322277d1bc6c46f8066a.exe 84
PID 3672 wrote to memory of 1392 3672 628c3e0bc91a322277d1bc6c46f8066a.exe 84
Processes
-
C:\Users\Admin\AppData\Local\Temp\628c3e0bc91a322277d1bc6c46f8066a.exe "C:\Users\Admin\AppData\Local\Temp\628c3e0bc91a322277d1bc6c46f8066a.exe" 1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3672 -
C:\Users\Admin\AppData\Local\Temp\pissa.exe "C:\Users\Admin\AppData\Local\Temp\pissa.exe" 2⤵
- Executes dropped EXE
PID:1392
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
36KB
MD5 4345e0facad7cd547fdd398d9a248ea2
SHA1 c8285b7e019f382e2bc47baf4ac23e0c9e09cc54
SHA256 fe38a757419836314f5009b98c8a05c344d0570cb774241e6625dd8239e67ff2
SHA512 1ca8806f6ab1c95842b2d7628bf0408c5a8c9d7d683114d02a0285011aa1d0b21bbce2ee8f92ad228e8f46a779dfca15df2fd3086eea6fa2a50acc3379552382