Analysis
max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05/03/2024, 14:32
Static task: static1
Behavioral task: behavioral1
  Sample: b4eeea8f4234fb822b735b5dc011cc2b.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: b4eeea8f4234fb822b735b5dc011cc2b.exe
  Resource: win10v2004-20240226-en
General
Target: b4eeea8f4234fb822b735b5dc011cc2b.exe
Size: 744KB
MD5: b4eeea8f4234fb822b735b5dc011cc2b
SHA1: 496d358081cb5fcc29164c72298126d351dfc89d
SHA256: 72868ade3b34bb7a205963a166a56392f2aa889036481c3a27435273db54df24
SHA512: 14cdacf90ad93b8d9d7f612b1740d81b9ac6c1046b5c1fec8713144608ef45b95c2509b712bfb3058ee23cd81573e65066fb523f5424a3d4d2d1aa8f1f2e9706
SSDEEP: 12288:MRygSktU4g/n/t0EW5A0zymvJwQ5oAlK+G6Kv+QIk6AQQ52LvRg0865wVbH9:QptU4gf2EW5A2RJr/kIKvFIk6zX+
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  PID | Process
  4712 | 360Safe.exe
- Drops file in Program Files directory (3 IoCs)
  Description | IoC | Process
  File opened for modification | C:\Program Files\360safe\360Safe.exe | b4eeea8f4234fb822b735b5dc011cc2b.exe
  File opened for modification | C:\Program Files\360safe\360Safe.exe | 360Safe.exe
  File created | C:\Program Files\360safe\360Safe.exe | b4eeea8f4234fb822b735b5dc011cc2b.exe
- Drops file in Windows directory (1 IoC)
  Description | IoC | Process
  File created | C:\Windows\uninstal.bat | b4eeea8f4234fb822b735b5dc011cc2b.exe
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Description | PID | Process
  Token: 0 | 2980 | b4eeea8f4234fb822b735b5dc011cc2b.exe
  Token: 0 | 4712 | 360Safe.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Description | PID | Process | procid_target
  PID 2980 wrote to memory of 4888 | 2980 | b4eeea8f4234fb822b735b5dc011cc2b.exe | 100
  PID 2980 wrote to memory of 4888 | 2980 | b4eeea8f4234fb822b735b5dc011cc2b.exe | 100
  PID 2980 wrote to memory of 4888 | 2980 | b4eeea8f4234fb822b735b5dc011cc2b.exe | 100
Processes
- C:\Users\Admin\AppData\Local\Temp\b4eeea8f4234fb822b735b5dc011cc2b.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\b4eeea8f4234fb822b735b5dc011cc2b.exe"
  PID: 2980
  Signatures: Drops file in Program Files directory; Drops file in Windows directory; Suspicious use of AdjustPrivilegeToken; Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\cmd.exe (child of PID 2980)
    Command line: C:\Windows\system32\cmd.exe /c C:\Windows\uninstal.bat
    PID: 4888
- C:\Program Files\360safe\360Safe.exe
  Command line: "C:\Program Files\360safe\360Safe.exe"
  PID: 4712
  Signatures: Executes dropped EXE; Drops file in Program Files directory; Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 744KB
  MD5: b4eeea8f4234fb822b735b5dc011cc2b
  SHA1: 496d358081cb5fcc29164c72298126d351dfc89d
  SHA256: 72868ade3b34bb7a205963a166a56392f2aa889036481c3a27435273db54df24
  SHA512: 14cdacf90ad93b8d9d7f612b1740d81b9ac6c1046b5c1fec8713144608ef45b95c2509b712bfb3058ee23cd81573e65066fb523f5424a3d4d2d1aa8f1f2e9706
- Filesize: 190B
  MD5: d532741e608df3185362fbac87cd61ee
  SHA1: 55c2ad0ba02fc294c36f0cd81685b5cc3b09b576
  SHA256: 6573ba25d559566c6f8c4461c6fd32e199fffb282b5a4bc86de1efe753ddee8c
  SHA512: efa7159bb2b652b788dc2e3713f3c91964eeca847d3cac482968da67c68116248e671d8ebb0a09b4d7574b61b3883b480380b298772671d7f412161c102775e9