Analysis
max time kernel: 149s
max time network: 160s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/03/2024, 02:57
Static task: static1
Behavioral task: behavioral1
  Sample: bd8d336710cbf212a9627eb20389d134.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: bd8d336710cbf212a9627eb20389d134.exe
  Resource: win10v2004-20240226-en
General
Target: bd8d336710cbf212a9627eb20389d134.exe
Size: 98KB
MD5: bd8d336710cbf212a9627eb20389d134
SHA1: c709f7feaeca83c32397a389fff5aa6c1209cb4f
SHA256: 4dabbababa38207a2ceda09c3ff496b5710fe83ee87bdd3ecfa5203cda719136
SHA512: 0b8bf28d027c81739fd6216f1c99b3f961a0569aa721f7695864be80a9cabfd4fc845ce3db2003e47dcdabd17409f37cec85c587fe0447a057c11aa2c0825292
SSDEEP: 1536:V6QFElP6n+gMQMOtEvwDpjQGYQbN/PKwNgpYa:V6a+pOtEvwDpjtzA
Malware Config
Signatures
Checks computer location settings (2 TTPs, 1 IoC)
Looks up the country code configured in the registry, likely a geofence check.
  description: Key value queried
  ioc: \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation
  process: bd8d336710cbf212a9627eb20389d134.exe

Executes dropped EXE (1 IoC)
  pid: 4284
  process: asih.exe

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Suspicious use of WriteProcessMemory (3 IoCs)
  description                      pid  process                               procid_target
  PID 116 wrote to memory of 4284  116  bd8d336710cbf212a9627eb20389d134.exe  99
  PID 116 wrote to memory of 4284  116  bd8d336710cbf212a9627eb20389d134.exe  99
  PID 116 wrote to memory of 4284  116  bd8d336710cbf212a9627eb20389d134.exe  99
Processes
C:\Users\Admin\AppData\Local\Temp\bd8d336710cbf212a9627eb20389d134.exe (PID 116)
  command line: "C:\Users\Admin\AppData\Local\Temp\bd8d336710cbf212a9627eb20389d134.exe"
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory
  └─ C:\Users\Admin\AppData\Local\Temp\asih.exe (PID 4284)
       command line: "C:\Users\Admin\AppData\Local\Temp\asih.exe"
       - Executes dropped EXE
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 896, separate top-level process, not a child of the sample)
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3932 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8
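The two behaviours the signatures record, the read of the Geo\Nation value and the parent writing three times into the memory of the EXE it dropped, are what an analyst would want pulled out of a report like this automatically. The Python below is an added example, not tria.ge code or tria.ge output: it takes the signature rows above (copied by hand, so the flat row shape is a constructed input rather than an export format), rebuilds the write-memory edges, and flags a parent writing into a dropped child together with any read of the Nation value. The row formats, regexes and function names are assumptions made for this example.

```python
import re
from collections import Counter

# Rows copied by hand from this report's signature tables. Their flat
# "one cell after another" shape is a constructed input for this example,
# not an official tria.ge export format.
WPM_ROWS = [
    "PID 116 wrote to memory of 4284 116 bd8d336710cbf212a9627eb20389d134.exe 99",
    "PID 116 wrote to memory of 4284 116 bd8d336710cbf212a9627eb20389d134.exe 99",
    "PID 116 wrote to memory of 4284 116 bd8d336710cbf212a9627eb20389d134.exe 99",
]
DROPPED_EXE_ROWS = ["4284 asih.exe"]
REGISTRY_ROWS = [
    "Key value queried "
    r"\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000"
    r"\Control Panel\International\Geo\Nation "
    "bd8d336710cbf212a9627eb20389d134.exe",
]

# Columns: description | pid | process | procid_target. procid_target is the
# sandbox's own process index, not a Windows PID, so it is parsed but not
# used when building writer -> target edges.
WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$")
REG_PREFIX = "Key value queried "
GEO_SUFFIX = r"\control panel\international\geo\nation"


def parse_wpm(rows):
    """Map (writer_pid, target_pid) -> number of WriteProcessMemory rows."""
    edges = Counter()
    for row in rows:
        m = WPM_RE.match(row)
        if m is None:
            raise ValueError(f"unrecognised WriteProcessMemory row: {row!r}")
        edges[(int(m.group(1)), int(m.group(2)))] += 1
    return dict(edges)


def parse_dropped(rows):
    """Map pid -> image name for 'Executes dropped EXE' rows."""
    dropped = {}
    for row in rows:
        pid, name = row.split(" ", 1)
        dropped[int(pid)] = name
    return dropped


def geofence_lookups(rows):
    """Return (process, key) for each read of HKU\\<SID>\\...\\Geo\\Nation.

    The Nation value holds the GeoID chosen in Region settings (for example
    244 for United States); malware compares it against a list of countries
    it refuses to run in, which is why the signature calls it a geofence.
    """
    hits = []
    for row in rows:
        if not row.startswith(REG_PREFIX):
            continue
        key, process = row[len(REG_PREFIX):].rsplit(" ", 1)
        if key.upper().startswith(r"\REGISTRY\USER\S-1-") and key.lower().endswith(GEO_SUFFIX):
            hits.append((process, key))
    return hits


def triage(wpm_rows, dropped_rows, registry_rows):
    """Produce analyst-facing findings from the three signature tables."""
    findings = []
    dropped = parse_dropped(dropped_rows)
    for (writer, target), n in sorted(parse_wpm(wpm_rows).items()):
        if target in dropped:
            findings.append(
                f"pid {writer} wrote into the memory of its dropped child "
                f"pid {target} ({dropped[target]}) {n} time(s): consistent with "
                f"injection into a child it launched; dump pid {target}"
            )
    for process, key in geofence_lookups(registry_rows):
        findings.append(f"{process} read {key}: country check, likely a geofence")
    return findings


if __name__ == "__main__":
    for line in triage(WPM_ROWS, DROPPED_EXE_ROWS, REGISTRY_ROWS):
        print(line)
```

Repeated rows are counted rather than deduplicated on purpose: one write into a fresh child can be innocuous, while several writes into the same dropped child is the shape an analyst wants surfaced.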
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 98KB
MD5: 6b2a61aa3ce956a8f038d0660262bad9
SHA1: f399dc009b2954e7d1c13f380bc26548cf4630c5
SHA256: a90e0f270e70684fb4540011ac5d1f92c76adceea10560b23439c1a79e9b48d5
SHA512: 56b5b5beadbfa8df3f39059ae60664a5c523efb66bfa2bf1eb79c993dfd95876f2d19380a6311ffeb4b67763d5ffe8aab5ba885e5a2a29a49baf4c500a2c1a04