Analysis
Max time kernel: 150s
Max time network: 156s
Platform: windows10-2004_x64
Resource: win10v2004-20240226-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 04/03/2024, 13:50
Static task: static1
Behavioral task: behavioral1
  Sample: b24950938d76bae4c97176c7794cd96d.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: b24950938d76bae4c97176c7794cd96d.exe
  Resource: win10v2004-20240226-en
General
Target: b24950938d76bae4c97176c7794cd96d.exe
Size: 40KB
MD5: b24950938d76bae4c97176c7794cd96d
SHA1: 2e1c8746df7f9a8739ec7fae091e43b0e5b828d0
SHA256: b146af68e7e5574de82e90684e8383a4a274005d48be616ca45a98aa98974a41
SHA512: 973c2f9a01217f3458c833b5e3165712a483a400a0f29477049009e0ae599ed430014e7e941b929225366ced173c634ff6d83ee5dd6f7dc15b2b497c3cebea15
SSDEEP: 768:aq9m/ZsybSg2ts4L3RLc/qjhsKmHbk1+qJ0UtHd:aqk/Zdic/qjh8w19JDHd
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 3744, process services.exe
- YARA rule matches (16 IoCs; rule upx on the dropped file and on every dump of the services.exe image, PID 3744, mapped at 0x400000-0x408000)
  resource                                                                     yara_rule
  behavioral2/files/0x000700000002322d-4.dat                                   upx
  behavioral2/memory/3744-6-0x0000000000400000-0x0000000000408000-memory.dmp    upx
  behavioral2/memory/3744-13-0x0000000000400000-0x0000000000408000-memory.dmp   upx
  behavioral2/memory/3744-17-0x0000000000400000-0x0000000000408000-memory.dmp   upx
  behavioral2/memory/3744-21-0x0000000000400000-0x0000000000408000-memory.dmp   upx
  behavioral2/memory/3744-22-0x0000000000400000-0x0000000000408000-memory.dmp   upx
  behavioral2/memory/3744-26-0x0000000000400000-0x0000000000408000-memory.dmp   upx
  behavioral2/memory/3744-121-0x0000000000400000-0x0000000000408000-memory.dmp  upx
  behavioral2/memory/3744-145-0x0000000000400000-0x0000000000408000-memory.dmp  upx
  behavioral2/memory/3744-148-0x0000000000400000-0x0000000000408000-memory.dmp  upx
  behavioral2/memory/3744-152-0x0000000000400000-0x0000000000408000-memory.dmp  upx
  behavioral2/memory/3744-171-0x0000000000400000-0x0000000000408000-memory.dmp  upx
  behavioral2/memory/3744-202-0x0000000000400000-0x0000000000408000-memory.dmp  upx
  behavioral2/memory/3744-245-0x0000000000400000-0x0000000000408000-memory.dmp  upx
  behavioral2/memory/3744-291-0x0000000000400000-0x0000000000408000-memory.dmp  upx
  behavioral2/memory/3744-322-0x0000000000400000-0x0000000000408000-memory.dmp  upx
- Adds Run key to start application (2 TTPs, 2 IoCs)
  description      ioc                                                                                                          process
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe"       b24950938d76bae4c97176c7794cd96d.exe
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe"  services.exe
  (The WOW6432Node path is the redirected view of HKLM\SOFTWARE that a 32-bit process sees on an x64 host; the sample is tagged arch:x86.)
- Drops file in Windows directory (3 IoCs)
  description                   ioc                      process
  File created                  C:\Windows\services.exe  b24950938d76bae4c97176c7794cd96d.exe
  File opened for modification  C:\Windows\java.exe      b24950938d76bae4c97176c7794cd96d.exe
  File created                  C:\Windows\java.exe      b24950938d76bae4c97176c7794cd96d.exe
  (The genuine services.exe lives in C:\Windows\System32; a copy dropped directly under C:\Windows is a name collision, not the system binary.)
- Suspicious use of WriteProcessMemory (3 IoCs, all three rows identical)
  description                              pid   process                               procid_target
  PID 1036 wrote to memory of 3744         1036  b24950938d76bae4c97176c7794cd96d.exe  87
Processes
1. C:\Users\Admin\AppData\Local\Temp\b24950938d76bae4c97176c7794cd96d.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\b24950938d76bae4c97176c7794cd96d.exe"
   PID: 1036
   - Adds Run key to start application
   - Drops file in Windows directory
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\services.exe (child of PID 1036)
      Command line: "C:\Windows\services.exe"
      PID: 3744
      - Executes dropped EXE
      - Adds Run key to start application
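The Signatures and Processes sections above are what a detection engineer turns into a hunt list: two Run values under the WOW6432Node view of HKLM, two executables dropped directly into C:\Windows, a parent-to-child WriteProcessMemory relationship, and a UPX-matched image mapped at 0x400000. The script below is an added example, not part of the tria.ge report or its tooling; it parses the report's own one-line "description ioc Process" rows (copied inline so it runs offline), normalises the native \REGISTRY\MACHINE prefix to HKLM, deduplicates the repeated WriteProcessMemory rows, and flags any dropped file whose basename collides with a Windows system binary that lives elsewhere. The LEGIT_PATHS table and the regexes are assumptions about the layout shown on this page, not a tria.ge API.

```python
"""Turn the tria.ge Signatures block above into structured IoCs and a hunt list.
The input lines are copied from the report and embedded here (constructed copy)
so the script runs offline; the regexes assume tria.ge's one-line row layout."""
import re
from dataclasses import dataclass

# Signature rows exactly as printed in the report (constructed inline copy).
RUN_KEY_LINES = [
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" b24950938d76bae4c97176c7794cd96d.exe',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" services.exe',
]
FILE_LINES = [
    r'File created C:\Windows\services.exe b24950938d76bae4c97176c7794cd96d.exe',
    r'File opened for modification C:\Windows\java.exe b24950938d76bae4c97176c7794cd96d.exe',
    r'File created C:\Windows\java.exe b24950938d76bae4c97176c7794cd96d.exe',
]
WPM_LINES = ['PID 1036 wrote to memory of 3744 1036 b24950938d76bae4c97176c7794cd96d.exe 87'] * 3
MEMORY_LINES = [
    'behavioral2/memory/3744-6-0x0000000000400000-0x0000000000408000-memory.dmp',
    'behavioral2/memory/3744-322-0x0000000000400000-0x0000000000408000-memory.dmp',
]

RUN_RE = re.compile(r'Set value \((\w+)\) (\S+)\\(\w+) = "(.*?)" (\S+)$')
FILE_RE = re.compile(r'File (created|opened for modification) (\S+) (\S+)$')
WPM_RE = re.compile(r'PID (\d+) wrote to memory of (\d+) \d+ (\S+) \d+$')
MEM_RE = re.compile(r'memory/(\d+)-\d+-0x([0-9a-f]+)-0x([0-9a-f]+)-memory\.dmp$')

# Object-manager prefixes as the sandbox logs them, mapped to the usual hive names.
HIVES = {r'\REGISTRY\MACHINE': 'HKLM', r'\REGISTRY\USER': 'HKU'}

# Assumed table: system binaries a dropped filename may collide with and where
# the genuine copy lives (services.exe is %SystemRoot%\System32\services.exe).
LEGIT_PATHS = {'services.exe': r'C:\Windows\System32'}


@dataclass(frozen=True)
class RunKey:
    key: str       # e.g. HKLM\SOFTWARE\WOW6432Node\...\Run
    name: str      # value name
    data: str      # command the value launches
    process: str   # process that wrote it


def parse_run_keys(lines):
    out = []
    for line in lines:
        m = RUN_RE.match(line)
        if not m:
            continue
        _, key, name, data, proc = m.groups()
        for prefix, hive in HIVES.items():
            if key.startswith(prefix):
                key = hive + key[len(prefix):]
        # tria.ge escapes backslashes inside the quoted value data.
        out.append(RunKey(key, name, data.replace('\\\\', '\\'), proc))
    return out


def parse_file_drops(lines):
    """Return {path: set(actions)}; 'created' rows are the dropped files."""
    drops = {}
    for line in lines:
        m = FILE_RE.match(line)
        if m:
            drops.setdefault(m.group(2), set()).add(m.group(1))
    return drops


def parse_wpm(lines):
    """Collapse repeated WriteProcessMemory rows into (parent_pid, child_pid, image)."""
    return {(int(m.group(1)), int(m.group(2)), m.group(3))
            for m in map(WPM_RE.match, lines) if m}


def parse_memory_dumps(lines):
    """Return {(pid, start, end)}; end - start is the size of the dumped mapping."""
    return {(int(m.group(1)), int(m.group(2), 16), int(m.group(3), 16))
            for m in map(MEM_RE.search, lines) if m}


def masquerades(drops):
    """Dropped files whose basename is a system binary but whose directory is not."""
    hits = []
    for path in drops:
        directory, _, base = path.rpartition('\\')
        legit = LEGIT_PATHS.get(base.lower())
        if legit and directory.lower() != legit.lower():
            hits.append(path)
    return hits


def build_hunt(run_lines=RUN_KEY_LINES, file_lines=FILE_LINES, wpm_lines=WPM_LINES):
    keys = parse_run_keys(run_lines)
    drops = parse_file_drops(file_lines)
    return {
        # The sample is 32-bit, so on x64 hosts its HKLM\SOFTWARE writes land in
        # the WOW6432Node view; hunt there, not only in the native key.
        'registry': [(k.key, k.name, k.data) for k in keys],
        'files': sorted(drops),
        'masquerade': masquerades(drops),
        'process_tree': sorted(parse_wpm(wpm_lines)),
    }


if __name__ == '__main__':
    for section, items in build_hunt().items():
        print(section)
        for item in items:
            print('  ', item)
```

The mapped range 0x400000-0x408000 that every memory dump reports is 0x8000 bytes, so the image of the dropped services.exe occupies 32 KiB in memory while the file on disk is 40KB; parse_memory_dumps exposes that arithmetic so a reader can compare dump size against file size without trusting the sandbox's summary line.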
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 312B
  MD5: c15952329e9cd008b41f979b6c76b9a2
  SHA1: 53c58cc742b5a0273df8d01ba2779a979c1ff967
  SHA256: 5d065a88f9a1fb565c2d70e87148d469dd9dcbbefea4ccc8c181745eda748ab7
  SHA512: 6aecdd949abcd2cb54e2fe3e1171ee47c247aa3980a0847b9934f506ef9b2d3180831adf6554c68b0621f9f9f3cd88767ef9487bc6e51cecd6a8857099a7b296
- Filesize: 312B
  MD5: 5431b34b55fc2e8dfe8e2e977e26e6b5
  SHA1: 87cf8feeb854e523871271b6f5634576de3e7c40
  SHA256: 3d7c76daab98368a0dd25cd184db039cdd5d1bc9bd6e9bb91b289119047f5432
  SHA512: 6f309dd924ba012486bcf0e3bafe64899007893ea9863b6f4e5428384ad23d9942c74d17c42a5cf9922a0e0fd8d61c287a2288a945a775586125d53376b9325c
- Filesize: 305B
  MD5: 157431349a057954f4227efc1383ecad
  SHA1: 69ccc939e6b36aa1fabb96ad999540a5ab118c48
  SHA256: 8553409a8a3813197c474a95d9ae35630e2a67f8e6f9f33b3f39ef4c78a8bfac
  SHA512: 6405adcfa81b53980f448c489c1d13506d874d839925bffe5826479105cbf5ba194a7bdb93095585441c79c58de42f1dab1138b3d561011dc60f4b66d11e9284
- Filesize: 310B
  MD5: 2a8026547dafd0504845f41881ed3ab4
  SHA1: bedb776ce5eb9d61e602562a926d0fe182d499db
  SHA256: 231fe7c979332b82ceccc3b3c0c2446bc2c3cab5c46fb7687c4bb579a8bba7ce
  SHA512: 1f6fa43fc0cf5cbdb22649a156f36914b2479a93d220bf0e23a32c086da46dd37e8f3a789e7a405abef0782e7b3151087d253c63c6cefcad10fd47c699fbcf97
- Filesize: 25B
  MD5: 8ba61a16b71609a08bfa35bc213fce49
  SHA1: 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
  SHA256: 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
  SHA512: 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1
- Filesize: 304B
  MD5: cde2c6ec81201bdd39579745c69d502f
  SHA1: e025748a7d4361b2803140ed0f0abda1797f5388
  SHA256: a81000fc443c3c99e0e653cca135e16747e63bccebd5052ed64d7ae6f63f227f
  SHA512: de5ca6169b2bb42a452ebd2f92c23bad3a98c01845a875336d6affe7f0192c2782b1f66f149019c0b880410c836fc45b2e9157dcccc7ad0d9e5953521a2151d4
- Filesize: 40KB
  MD5: 20fc00ffd78ee01792dee80ef186c674
  SHA1: b7adee0a261e9add9dbdb9a393270d1a7deb47d9
  SHA256: b8dfcc2259d8b6299fd2d68dd3a1c25c81db9f76c8e22f267673899bc3e52162
  SHA512: f6f78ce27e924d70284a3c212cb2dccef03a8aedc27efcf7ed6c2b82badf915917af930388d424af93480243c96765c56c0d04def279fb59463c8b61b98fbe40
- Filesize: 40KB
  MD5: d3aef80f38639d8ba14e75c414cbf386
  SHA1: 8e6e965428176fe8203b34bd2db097a72ad99dd5
  SHA256: 21181b973d9c93619e21be9cf7b3ffe0b8c693969dcec226bd3cb7de2310cd5e
  SHA512: a9cb131de7ad060f8b5ee609f2c291e9c8e5046a444829a649375827ea8fcf4653feb8ed256235451c4f5f5003bef4af6570eb4008fd95b9cb067527ce73d982
- Filesize: 1KB
  MD5: c5fbabf7c75dfd1661dfdc5dfa70a6ed
  SHA1: 6423054d7af3efca23c25a95e4c278fbbf999a79
  SHA256: ef7b85484d91233b6a72512a7fa01cc06448d6f71ab8c8317f6361324ed32b3f
  SHA512: 68049948b3f42740fad956843380fde97dbb2abddb4dfbd608730237920dcd98272cd3b13bbd4775b4dab6f29259eca6a572b00a76070c42207377863f0503f4
- Filesize: 1KB
  MD5: 2e8d0bbfae7a3e0846cf23026f5e19da
  SHA1: bdade7af13287f649bb63d31b6bb54699eb726fc
  SHA256: 42523e23635f48fc774cb16b9e794a053e505960126fdfa044070e02cec599f9
  SHA512: 3fdf265e2d774cdd8ad4a8e2d400c4ca09ff9dde18ad6a3e9d94075a7a7b881ca9aada39ed1ca9040ef85881eac67c98875135dd93939bd3c534effdc2f851ed
- Filesize: 1KB
  MD5: 9fa385f7be1cf83fae6eab9721ba3964
  SHA1: a4edf92941e6f0bc6328b231dd8ea39dce03328f
  SHA256: 66a8b113967ce46a40b899548027d39b1b9ce3065b225c24e9c3051958e630d3
  SHA512: 804ab0f7c6bef3704f74e811cc7cd6363a76a03d853c1350e6de0fe59ed0706b2764e2983e805a77bc2ca69584dd2c38e5015ce62578c497bbbc5e0e5f7c666f
- Filesize: 1KB
  MD5: 77265cb963352df433452eabd82fe922
  SHA1: 72286f72d418ffaf48e74e68e414faf1485ee6fe
  SHA256: 986d2ed33f2faaf7d64b6bc3ffd7eef9c3b3903af7d59582642f699f05eb3d5f
  SHA512: bbb2fcf2ede13e44589c1825701497110978eea54deab292f71b777b598112238d8a9ba71ec666a19f330abfea928721648ead4f2111f46a707c4c1b41a33ce5
- Filesize: 8KB
  MD5: b0fe74719b1b647e2056641931907f4a
  SHA1: e858c206d2d1542a79936cb00d85da853bfc95e2
  SHA256: bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
  SHA512: 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2