Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 93s
max time network: 125s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04/03/2024, 14:01
Static task: static1
Behavioral task: behavioral1
  Sample: b24e56406167cb4cb867caa07ccdbc62.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: b24e56406167cb4cb867caa07ccdbc62.exe
  Resource: win10v2004-20240226-en
General
Target: b24e56406167cb4cb867caa07ccdbc62.exe
Size: 67KB
MD5: b24e56406167cb4cb867caa07ccdbc62
SHA1: 9f28a7f305c84b29c2e615ee814d99e660993b81
SHA256: e07d2fe13ff0877fbf1b883e8ba29381a1925fa1b7e1d31caa98737973b89c4f
SHA512: beb9c343e0a4ac4fb36197915063faa10b419691069c73672b3dae37c14275e8be098d1ef584e5dc21d9609880100dbf7876d72c61cfe632d6da00c354075b15
SSDEEP: 1536:pvYKJoteon6I/FDq7BdKCPsttEWi2Ny6Z8ofPatOl+JOpTM:RdJweo6SO7BsCPTP2NytoGslM
Malware Config
Signatures
- Loads dropped DLL (1 IoCs)
  pid 4296  Process b24e56406167cb4cb867caa07ccdbc62.exe
- Adds Run key to start application (2 TTPs, 1 IoCs)
  description: Set value (str)
  ioc: \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Java = "C:\\Users\\Admin\\AppData\\Local\\Temp\\b24e56406167cb4cb867caa07ccdbc62.exe"
  Process: b24e56406167cb4cb867caa07ccdbc62.exe
- Suspicious use of SetThreadContext (2 IoCs)
  description                           pid   Process                               procid_target
  PID 4296 set thread context of 4476   4296  b24e56406167cb4cb867caa07ccdbc62.exe  89
  PID 4476 set thread context of 764    4476  b24e56406167cb4cb867caa07ccdbc62.exe  90
- Suspicious use of SetWindowsHookEx (1 IoCs)
  pid 764  Process b24e56406167cb4cb867caa07ccdbc62.exe
- Suspicious use of WriteProcessMemory (15 IoCs; identical events grouped, count in the last column)
  description                        pid   Process                               procid_target  count
  PID 4296 wrote to memory of 4476   4296  b24e56406167cb4cb867caa07ccdbc62.exe  89             7
  PID 4476 wrote to memory of 764    4476  b24e56406167cb4cb867caa07ccdbc62.exe  90             8
Processes
- C:\Users\Admin\AppData\Local\Temp\b24e56406167cb4cb867caa07ccdbc62.exe (depth 1, PID 4296)
  command line: "C:\Users\Admin\AppData\Local\Temp\b24e56406167cb4cb867caa07ccdbc62.exe"
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\b24e56406167cb4cb867caa07ccdbc62.exe (depth 2, PID 4476)
    command line: "C:\Users\Admin\AppData\Local\Temp\b24e56406167cb4cb867caa07ccdbc62.exe"
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory
    - C:\Users\Admin\AppData\Local\Temp\b24e56406167cb4cb867caa07ccdbc62.exe (depth 3, PID 764)
      command line: "C:\Users\Admin\AppData\Local\Temp\b24e56406167cb4cb867caa07ccdbc62.exe"
      - Adds Run key to start application
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 2KB
  MD5: 3880aef024abe7cca3ecb15767f421d0
  SHA1: 926a21081dd46c9b45b167f3a546289dd0fc7a70
  SHA256: af98bc11be94606f859b595fdd977f904c3cba2a48017fdcf54c3b6170534811
  SHA512: f0f5acee55bb65d0e26d9e89e118c9399347bfcd56039e140af904aa5dffe519c13bff47bc1bfa08163ddab1b6712e6867f18379b878a7623b4b1d030a26c15e