Analysis

  • max time kernel
    104s
  • max time network
    113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/03/2024, 14:05

General

  • Target

    b250c295ec5bfe1575a29b350a13f688.exe

  • Size

    16KB

  • MD5

    b250c295ec5bfe1575a29b350a13f688

  • SHA1

    53e9d3a4c431cf61a4bbea7eb35a22ce1f4a07d8

  • SHA256

    1b41a17f665da5aa94b2ca75031ade1dd760c8a6bf95e4a5e4cb0563e6200dc5

  • SHA512

    cc6e74b5464c087060947aae65482d727cf28a98c3b6821cb06aefb4988f09c54c385fab95ea0958a8d2d755efbfdc2d1526f53f5464e7d8aa4a9cabad06b519

  • SSDEEP

    384:7lD5mskFAElC7coxnWRXSWCAc7Hq/Umjcodt6dIY:oFMxWjCtJmJvDY

Malware Config

Signatures

  • Adds policy Run key to start application (2 TTPs, 2 IoCs)
  • Loads dropped DLL (2 IoCs)
  • Installs/modifies Browser Helper Object (2 TTPs, 5 IoCs)

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in System32 directory (4 IoCs)
  • Modifies Internet Explorer settings (1 TTP, 3 IoCs)
  • Modifies Internet Explorer start page (1 TTP, 1 IoC)
  • Modifies registry class (7 IoCs)
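The signatures above describe three things an analyst would want to confirm on a suspect host: a Run entry under the Explorer Policies key (a logon-persistence location that many "startup" checks skip), a BHO registration (a CLSID subkey that Internet Explorer loads as an in-process DLL), and a rewritten IE start page, plus two files written to SysWOW64. The following PowerShell is an added triage helper, not part of the Triage report or the sample's own behaviour: the registry paths are the standard Windows locations for these settings, but the report does not say which value names or CLSIDs this sample wrote, so the script enumerates everything it finds rather than looking for a specific entry. The two file paths and SHA256 values are taken from the Downloads section below; the assumption that hp730D.tmp is a GetTempFileName-style random name is the editor's and should be treated as a hint, not a stable indicator.

```powershell
# Added triage helper (not from the report): enumerate the locations behind the
# signatures "Adds policy Run key", "Installs/modifies Browser Helper Object",
# "Modifies Internet Explorer start page" and "Drops file in System32 directory".
# Run in an elevated PowerShell on the host under investigation.

# 1. Policy Run keys: executed at logon like HKxx\...\CurrentVersion\Run, but
#    they live under \Policies\Explorer and are often missed by quick checks.
$policyRunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)
foreach ($key in $policyRunKeys) {
    if (Test-Path $key) {
        Write-Host "== Policy Run entries in $key"
        Get-ItemProperty -Path $key |
            Select-Object -Property * -ExcludeProperty PS* |
            Format-List
    }
}

# 2. Browser Helper Objects: each subkey name is a CLSID. Resolve it to the DLL
#    through HKCR\CLSID\<guid>\InprocServer32. 32-bit IE on 64-bit Windows reads
#    the WOW6432Node view, which is where a DLL dropped into SysWOW64 would be
#    registered, so both views are checked.
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
foreach ($key in $bhoKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($sub in Get-ChildItem -Path $key) {
        $clsid  = $sub.PSChildName
        $server = $null
        $views  = @(
            "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32",
            "Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID\$clsid\InprocServer32"
        )
        foreach ($view in $views) {
            if (Test-Path $view) {
                # The DLL path is the key's default value, exposed as '(default)'.
                $server = (Get-ItemProperty -Path $view).'(default)'
                break
            }
        }
        [PSCustomObject]@{ CLSID = $clsid; DLL = $server; RegisteredUnder = $key }
    }
}

# 3. IE start page and the neighbouring Main values that an IE-settings change
#    usually touches. Absent values simply show as empty.
$ieMain = 'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Main'
if (Test-Path $ieMain) {
    Write-Host "== Internet Explorer Main values"
    Get-ItemProperty -Path $ieMain |
        Select-Object -Property 'Start Page', 'Default_Page_URL', 'Search Page' |
        Format-List
}

# 4. Files the report shows being written to SysWOW64, with the SHA256 values
#    listed under Downloads. hp730D.tmp looks like a GetTempFileName-style name
#    (assumption), so a mismatch on that path is expected on another host;
#    interf.tlb is the more useful of the two to look for.
$expected = @{
    'C:\Windows\SysWOW64\hp730D.tmp' = 'c1951c3add8a86ffff249160c215f1da19c55b25a389856d26925ebe4941732c'
    'C:\Windows\SysWOW64\interf.tlb' = '54db2eb0c7e7bf1b533b58f48a1f1af54fe3df1c2e48de20f1864cc442b5f63b'
}
foreach ($path in $expected.Keys) {
    if (Test-Path $path) {
        $hash = (Get-FileHash -Path $path -Algorithm SHA256).Hash.ToLower()
        [PSCustomObject]@{
            Path          = $path
            SHA256        = $hash
            MatchesReport = ($hash -eq $expected[$path])
        }
    }
}
```

Anything the script prints needs analyst judgement: legitimate software also registers BHOs and Policy Run entries, so an unexpected DLL path under SysWOW64 or a CLSID that resolves to a recently written file is what to escalate, not the mere presence of an entry.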

Processes

  • C:\Users\Admin\AppData\Local\Temp\b250c295ec5bfe1575a29b350a13f688.exe
    "C:\Users\Admin\AppData\Local\Temp\b250c295ec5bfe1575a29b350a13f688.exe"
    (root process)
    • Adds policy Run key to start application
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Drops file in System32 directory
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Modifies registry class
    PID:2948

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\hp730D.tmp

    Filesize

    30KB

    MD5

    aaa4d8f2e5259a64da931b1d99d2a615

    SHA1

    608acb7476ff36f0a7f4254888fe15fa8403097c

    SHA256

    c1951c3add8a86ffff249160c215f1da19c55b25a389856d26925ebe4941732c

    SHA512

    4211beba14922a36284a74526d7cec77b089d225dd624ecd2f335e5880753d70b15e2518c5bda39846cedf94ab2058a0fe07451dc393c327031b86640cc74d8d

  • C:\Windows\SysWOW64\interf.tlb

    Filesize

    6KB

    MD5

    aa8c73f100420cbdfda7ddc4c036d3b5

    SHA1

    fb9d2a76b38464147cd754dafd50878b869876ff

    SHA256

    54db2eb0c7e7bf1b533b58f48a1f1af54fe3df1c2e48de20f1864cc442b5f63b

    SHA512

    e97532d2ced7897e097892de51d36f254d4b01b2ff9c9bfaee6ff661172acde7837dbb530b129dca0bad9f9c65f0109544f4da73e04f137845ccf21dae10880a