Analysis
max time kernel: 150s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/03/2024, 14:03
Static task: static1
Behavioral task: behavioral1
  Sample: b794c2fb87319baa273d3701cfd97d00.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: b794c2fb87319baa273d3701cfd97d00.exe
  Resource: win10v2004-20240226-en
General
Target: b794c2fb87319baa273d3701cfd97d00.exe
Size: 301KB
MD5: b794c2fb87319baa273d3701cfd97d00
SHA1: 1c705ed432e445fdd4c510589f170edbdbc08025
SHA256: e4ca7f18df4e1559ea90beb02cc444fef003e0094d0c451d1c4746a214dc2c52
SHA512: 872fcf293ffbf5340fde9351d700b4d1d4e6ad7a38c429a950834cb15c94cbe2942fa3dd59b66fb3fd412cdef33a1aeec4fbc11fa9b55963d5ad12c1d8fb98b0
SSDEEP: 6144:CUubI04hmcMTRiZ4mWl05WeaqGNJzM0bbxwzIT/pQNc:LubI04hRMTq4r0mrvwzItQN
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid   Process
  468   ati
Drops file in Program Files directory (2 IoCs)
  description                    ioc                                                      Process
  File created                   C:\Program Files (x86)\ATI Technologies\ATI\date\ati     b794c2fb87319baa273d3701cfd97d00.exe
  File opened for modification   C:\Program Files (x86)\ATI Technologies\ATI\date\ati     b794c2fb87319baa273d3701cfd97d00.exe
Drops file in Windows directory (1 IoC)
  description    ioc                      Process
  File created   C:\Windows\Delete.bat    b794c2fb87319baa273d3701cfd97d00.exe
Suspicious use of FindShellTrayWindow (1 IoC)
  pid   Process
  468   ati
Suspicious use of WriteProcessMemory (5 IoCs)
  description                       pid    Process                                procid_target
  PID 4684 wrote to memory of 2244  4684   b794c2fb87319baa273d3701cfd97d00.exe   94
  PID 4684 wrote to memory of 2244  4684   b794c2fb87319baa273d3701cfd97d00.exe   94
  PID 4684 wrote to memory of 2244  4684   b794c2fb87319baa273d3701cfd97d00.exe   94
  PID 468 wrote to memory of 1504   468    ati                                    93
  PID 468 wrote to memory of 1504   468    ati                                    93
Processes
C:\Users\Admin\AppData\Local\Temp\b794c2fb87319baa273d3701cfd97d00.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\b794c2fb87319baa273d3701cfd97d00.exe"
  PID: 4684
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  └ C:\Windows\SysWOW64\cmd.exe
      command line: C:\Windows\system32\cmd.exe /c C:\Windows\Delete.bat
      PID: 2244
C:\Program Files (x86)\ATI Technologies\ATI\date\ati
  command line: "C:\Program Files (x86)\ATI Technologies\ATI\date\ati"
  PID: 468
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  └ C:\Program Files\Internet Explorer\IEXPLORE.EXE
      command line: "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      PID: 1504

Note on the first child: the command line names C:\Windows\system32\cmd.exe but the image that ran is C:\Windows\SysWOW64\cmd.exe. That is WOW64 file-system redirection, which means the launching sample (PID 4684) is a 32-bit process; the arch:x86 resource tag above agrees. Detection logic keyed on the image path must therefore accept both System32 and SysWOW64 for cmd.exe.
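The signatures and process tree above describe a chain that is easy to turn into host-based detections: a .bat dropped directly into C:\Windows and run via cmd.exe /c by a process living in the user's Temp directory, an extension-less binary executing from under Program Files (x86), and that binary spawning IEXPLORE.EXE (the pair the report flags for WriteProcessMemory). The following is an added example, not part of the tria.ge report: three rules run over a constructed list of Sysmon-style process-creation events modelled on the report's tree. The ProcEvent class, its field names, the rule names, the parent PID 1000 and the benign explorer/build.bat pair are all assumptions made for this example.

```python
"""Detection rules for the behaviour chain in the report above.

Added example, not part of the tria.ge report. ProcEvent, its field names,
the rule names, parent PID 1000 and the benign explorer/build.bat events
are assumptions made for this example.
"""
import ntpath
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str    # full path of the started process
    cmdline: str  # command line as logged


SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\b794c2fb87319baa273d3701cfd97d00.exe"
ATI = r"C:\Program Files (x86)\ATI Technologies\ATI\date\ati"

# Constructed events: the four processes from the report plus two benign
# ones. PIDs, images and command lines follow the report; parent PID 1000
# and the explorer/build.bat pair are invented.
EVENTS = [
    ProcEvent(4684, 1000, SAMPLE, f'"{SAMPLE}"'),
    ProcEvent(2244, 4684, r"C:\Windows\SysWOW64\cmd.exe",
              r"C:\Windows\system32\cmd.exe /c C:\Windows\Delete.bat"),
    ProcEvent(468, 1000, ATI, f'"{ATI}"'),
    ProcEvent(1504, 468, r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files\Internet Explorer\IEXPLORE.EXE"'),
    ProcEvent(5000, 1000, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(5001, 5000, r"C:\Windows\System32\cmd.exe",
              r"cmd.exe /c C:\Users\Admin\src\build.bat"),
]

# A .bat sitting directly in C:\Windows (not in a subdirectory).
BAT_IN_WINDOWS_ROOT = re.compile(r"(?i)\bC:\\Windows\\[^\\\s]+\.bat\b")
TEMP_DIR = re.compile(r"(?i)\\AppData\\Local\\Temp\\")
PROGRAM_FILES = re.compile(r"(?i)^C:\\Program Files( \(x86\))?\\")


def rule_bat_from_windows_root(ev, parent):
    """cmd.exe (System32 or SysWOW64) executing a .bat dropped into
    C:\\Windows, launched by a parent running from the user's Temp dir."""
    return (ntpath.basename(ev.image).lower() == "cmd.exe"
            and BAT_IN_WINDOWS_ROOT.search(ev.cmdline) is not None
            and parent is not None
            and TEMP_DIR.search(parent.image) is not None)


def rule_extensionless_program_files_binary(ev, parent):
    """A process image under Program Files with no file extension."""
    return (PROGRAM_FILES.match(ev.image) is not None
            and ntpath.splitext(ntpath.basename(ev.image))[1] == "")


def rule_browser_from_extensionless_binary(ev, parent):
    """Internet Explorer started by such an extension-less binary, the
    parent/child pair the report flags for WriteProcessMemory."""
    return (ntpath.basename(ev.image).lower() == "iexplore.exe"
            and parent is not None
            and rule_extensionless_program_files_binary(parent, None))


RULES = {
    "bat_from_windows_root": rule_bat_from_windows_root,
    "extensionless_program_files_binary": rule_extensionless_program_files_binary,
    "browser_from_extensionless_binary": rule_browser_from_extensionless_binary,
}


def detect(events):
    """Return (rule name, pid) for every event some rule matches."""
    by_pid = {e.pid: e for e in events}
    alerts = []
    for ev in events:
        parent = by_pid.get(ev.ppid)
        for name, rule in RULES.items():
            if rule(ev, parent):
                alerts.append((name, ev.pid))
    return alerts


def ancestry(events, pid):
    """PIDs from the given process up to the oldest parent present in the log."""
    by_pid = {e.pid: e for e in events}
    chain = []
    while pid in by_pid and pid not in chain:
        chain.append(pid)
        pid = by_pid[pid].ppid
    return chain


if __name__ == "__main__":
    for name, pid in detect(EVENTS):
        print(f"{name}: pid {pid}, chain {ancestry(EVENTS, pid)}")
```

Run against the constructed events, the three malicious processes (2244, 468, 1504) each trip one rule and the benign explorer.exe/cmd.exe pair trips none, because its .bat lives under the user profile rather than C:\Windows. The parent check in the first rule is what keeps it from firing on administrators' scripts in C:\Windows; drop it only if your telemetry cannot resolve parent images.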
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 301KB
MD5: b794c2fb87319baa273d3701cfd97d00
SHA1: 1c705ed432e445fdd4c510589f170edbdbc08025
SHA256: e4ca7f18df4e1559ea90beb02cc444fef003e0094d0c451d1c4746a214dc2c52
SHA512: 872fcf293ffbf5340fde9351d700b4d1d4e6ad7a38c429a950834cb15c94cbe2942fa3dd59b66fb3fd412cdef33a1aeec4fbc11fa9b55963d5ad12c1d8fb98b0

Filesize: 186B
MD5: 49e05ec2317537afab74dc8e3f5b00ed
SHA1: ff4f356b1259198ddfa5eacb6dc01666692ca1fe
SHA256: fd0d87cf3748a3b44b39525abaf395a9afcfc897aa1b13ae0fb4739b441dc365
SHA512: 5f3401863e914c43eb9a866ba141f2025d1746ece59e524deb8a1668f5fa3689ea8b2ef9e824de919d33cf007471eaa725da22983fb6e33db1e19e0f97b33418