Analysis
max time kernel: 144s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/03/2024, 19:35
Static task: static1
Behavioral task: behavioral1
    Sample: c16ca5f218a546d6e366de26b1662d86.exe
    Resource: win7-20240221-en
Behavioral task: behavioral2
    Sample: c16ca5f218a546d6e366de26b1662d86.exe
    Resource: win10v2004-20240226-en
General
Target: c16ca5f218a546d6e366de26b1662d86.exe
Size: 744KB
MD5: c16ca5f218a546d6e366de26b1662d86
SHA1: d88ddd6a68106e5fd01ba49a5bbd5cd2c83189c3
SHA256: 0ed3e6a0dfbaaefa5365705000a9413cdcc80af611764e9aeb5f252de5e2052b
SHA512: 23344cf65143e88a77ddb581dbae982cbcc8f959d5b57472b0199c6c8ca7a5510f1e60bb8f1516dbef6f6175438ff1aee5ac73521d2194f815acd92858ad71f2
SSDEEP: 12288:uaHc64b888888888888W888888888889jscV7TdjL47zdU5imqsX3sv33rD+zG/S:F86IIW7uvmQBsHUezG/aYFkJR30F6rpn
Malware Config
Signatures
Executes dropped EXE (1 IoC)
    pid: 2264    Process: c16ca5f218a546d6e366de26b1662d86.tmp
Script User-Agent (1 IoC)
    Uses user-agent string associated with script host/environment.
    description: HTTP User-Agent header    flow: 23    ioc: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Suspicious use of WriteProcessMemory (3 IoCs)
    description: PID 5096 wrote to memory of 2264    pid: 5096    Process: c16ca5f218a546d6e366de26b1662d86.exe    procid_target: 95
    description: PID 5096 wrote to memory of 2264    pid: 5096    Process: c16ca5f218a546d6e366de26b1662d86.exe    procid_target: 95
    description: PID 5096 wrote to memory of 2264    pid: 5096    Process: c16ca5f218a546d6e366de26b1662d86.exe    procid_target: 95
Processes
C:\Users\Admin\AppData\Local\Temp\c16ca5f218a546d6e366de26b1662d86.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\c16ca5f218a546d6e366de26b1662d86.exe"
    Signatures: Suspicious use of WriteProcessMemory
    PID: 5096
    C:\Users\Admin\AppData\Local\Temp\is-QDTQA.tmp\c16ca5f218a546d6e366de26b1662d86.tmp
        Command line: "C:\Users\Admin\AppData\Local\Temp\is-QDTQA.tmp\c16ca5f218a546d6e366de26b1662d86.tmp" /SL5="$100052,371795,121344,C:\Users\Admin\AppData\Local\Temp\c16ca5f218a546d6e366de26b1662d86.exe"
        Signatures: Executes dropped EXE
        PID: 2264
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1424 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
    PID: 416
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.1MB
MD5: 34acc2bdb45a9c436181426828c4cb49
SHA1: 5adaa1ac822e6128b8d4b59a54d19901880452ae
SHA256: 9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07
SHA512: 134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb