Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15/03/2024, 02:15
Static task: static1
Behavioral task: behavioral1
- Sample: a3067d007b70614dccb5663d8febae43.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: a3067d007b70614dccb5663d8febae43.exe
- Resource: win10v2004-20240226-en
General
- Target: a3067d007b70614dccb5663d8febae43.exe
- Size: 43KB
- MD5: a3067d007b70614dccb5663d8febae43
- SHA1: 78be8cf5ff73b12021d6d93f90603a377a5178b3
- SHA256: 092f0e970f4830a8b5b2705bf572c478993f3c4a974accd71a3b21d64559ae1a
- SHA512: 29183b0eda0c8ddaf610ca6bcd4f72b11941cd9a491d1f37de0395936871a037ddaeb41adfbc89e08e1771923fc97bfa227ad0b8b9b6b3d39863593cc67ca179
- SSDEEP: 768:bxNQIE0eBhkL2Fo1CCwgfjOg1tsJ6zeen754XcwxbFp1Rr:bxNrC7kYo1Fxf3s05rwxbF79
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
- description: Key value queried
- ioc: \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation
- Process: a3067d007b70614dccb5663d8febae43.exe
Executes dropped EXE 1 IoCs
- pid: 3892; Process: pissa.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
- description: PID 5028 wrote to memory of 3892; pid: 5028; Process: a3067d007b70614dccb5663d8febae43.exe; procid_target: 89
- description: PID 5028 wrote to memory of 3892; pid: 5028; Process: a3067d007b70614dccb5663d8febae43.exe; procid_target: 89
- description: PID 5028 wrote to memory of 3892; pid: 5028; Process: a3067d007b70614dccb5663d8febae43.exe; procid_target: 89
Processes
-
1. C:\Users\Admin\AppData\Local\Temp\a3067d007b70614dccb5663d8febae43.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\a3067d007b70614dccb5663d8febae43.exe"
PID: 5028
- Checks computer location settings
- Suspicious use of WriteProcessMemory
2. C:\Users\Admin\AppData\Local\Temp\pissa.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\pissa.exe"
PID: 3892
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 43KB
- MD5: 3073de13c05cc17d50b7b72778ac9d00
- SHA1: dbd5cdfd7804c7036d9255c5eb4f53913fdda9f8
- SHA256: e4297168186e79ae7cd2dffaec834165b1d24a3206e8c1c00cec4e0fece004df
- SHA512: de314c8a2c0ef33de54ab8bfb7e858e71866fe16cbe6e7c06be1127d26af717b35690b685f82fb1a7d9766ee7b0cca18ca3c6ad2ba0a5c17f72ad77fe253e742