Analysis
- max time kernel: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- submitted: 06/03/2024, 00:43
Behavioral task: behavioral1
- Sample: win.exe
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: win.exe
- Resource: win10v2004-20240226-en
General
- Target: win.exe
- Size: 6.8MB
- MD5: 0721b1d0c9c68c18116273f2c293ff21
- SHA1: dac53205b4ba718542138d90eb56f1641f5807b8
- SHA256: 0c3ee3977deb2ab25d67d6b346b7c96497c4ff18b76678ca990b8493f23248a4
- SHA512: 012ee21fa04e7e361d4565ba81cc8ba256fb48a75cc93c5c6ea1f77f1e69adc3a5c14275dfe358e72b6f41dd67d174c0bbb4ca26d39f9c08168ccbb9d06d3ba9
- SSDEEP: 49152:k92mic7iMnbPvRUAm+ugRkqjR7Q8TOc5KubExvCsNGEgveIXB4IuBNT/IeswF69B:BmP7i+Rf0es5u2BNTAcSE8wIX
Malware Config
Signatures
- Drops startup file (2 IoCs)
  description | ioc | Process
  File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostsw.exe | cmd.exe
  File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostsw.exe | cmd.exe
- System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | cmd.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | win.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 820 wrote to memory of 3304 | 820 | win.exe | 87
  PID 820 wrote to memory of 3304 | 820 | win.exe | 87
  PID 820 wrote to memory of 3304 | 820 | win.exe | 87
Processes
- C:\Users\Admin\AppData\Local\Temp\win.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\win.exe"
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID: 820
  - C:\Windows\SysWOW64\cmd.exe (depth 2)
    Command line: cmd /Q /C C:\Users\Admin\AppData\Local\Temp/s.bat
    - Drops startup file
    - System Location Discovery: System Language Discovery
    PID: 3304
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 262B
  MD5: dace4cfc41d54279f64553161c75d806
  SHA1: d39661eb638c9a278352de505e26e7b044cc8a02
  SHA256: ba823dd59d178cf2f905e66fde280f8e23feb0eb1e85d281a99ff487f8f01c37
  SHA512: 512e9a434d5a0af2205531dd796ea6d61a37f006261dc4f52d2911672f7222aa76dcc2cddb65b0fa40fb63e9d04ab0608812fa7b5351505c3e30227441ee23ef