Analysis
max time kernel: 154s
max time network: 163s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08/03/2024, 20:11
Static task: static1
Behavioral task: behavioral1
  Sample: 71fa3de0c8cad03a07907393714fd607841d0e8f7912a09ed8b4129bf4521e83.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 71fa3de0c8cad03a07907393714fd607841d0e8f7912a09ed8b4129bf4521e83.exe
  Resource: win10v2004-20240226-en
General
Target: 71fa3de0c8cad03a07907393714fd607841d0e8f7912a09ed8b4129bf4521e83.exe
Size: 99KB
MD5: d15d8b590feb07f09ed7fea980c8a4bc
SHA1: 13b75454ce609c0a1fa08e8bdaf62a743b03b633
SHA256: 71fa3de0c8cad03a07907393714fd607841d0e8f7912a09ed8b4129bf4521e83
SHA512: 412b7779d71040341259e8ab5897ddb1f214969991efa4058de304e617b6af10d2f1be2c4671c92fea78c197e33c89b0f1f0a52b02997bc0a2b82918da733a86
SSDEEP: 1536:3nrhX6MhUYlmVTrufyOzy7kgzHKza5SMwXRTWxkwTl8YTi1GNMiW/65MwFyiq:Xh6M5l+fufyVzHKztCpaAgv
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid  | Process
  1952 | guzakbet.exe
Looks up external IP address via web service (1 IoC)
  Uses a legitimate IP lookup service to find the infected system's external IP.
  flow | ioc
  76   | checkip.dyndns.org
Suspicious use of WriteProcessMemory (3 IoCs)
  description                      | pid  | Process                                                              | procid_target
  PID 4820 wrote to memory of 1952 | 4820 | 71fa3de0c8cad03a07907393714fd607841d0e8f7912a09ed8b4129bf4521e83.exe | 88
  PID 4820 wrote to memory of 1952 | 4820 | 71fa3de0c8cad03a07907393714fd607841d0e8f7912a09ed8b4129bf4521e83.exe | 88
  PID 4820 wrote to memory of 1952 | 4820 | 71fa3de0c8cad03a07907393714fd607841d0e8f7912a09ed8b4129bf4521e83.exe | 88
Processes
1. Path: C:\Users\Admin\AppData\Local\Temp\71fa3de0c8cad03a07907393714fd607841d0e8f7912a09ed8b4129bf4521e83.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\71fa3de0c8cad03a07907393714fd607841d0e8f7912a09ed8b4129bf4521e83.exe"
   PID: 4820
   - Suspicious use of WriteProcessMemory
   2. (child of 1) Path: C:\Users\Admin\AppData\Local\Temp\guzakbet.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\guzakbet.exe
      PID: 1952
      - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 99KB
MD5: 96c5c2492f70d016e78acfd9722fe97c
SHA1: 0467aee44e7a36a8dd76b2a0150ca07878136d03
SHA256: 9a1ec1ec895bf90c60b66bb6daa44f442bf82b7af107f5f69e655421d963f9bc
SHA512: 2fb466374f8bd13e67b5bd3b11fda2087667191438ca9a7e594e118ec720db481e5b395d1fcc84431ca38362181ffbeb083d0a117178d9841e155eb3dd7417dd