Analysis
- max time kernel: 149s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15/03/2024, 02:21
Static task: static1
Behavioral task: behavioral1
- Sample: ca3d730a970c8976017c04f58c92af52.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: ca3d730a970c8976017c04f58c92af52.exe
- Resource: win10v2004-20240226-en
General
- Target: ca3d730a970c8976017c04f58c92af52.exe
- Size: 7.0MB
- MD5: ca3d730a970c8976017c04f58c92af52
- SHA1: e53b7cddd5a2d96b775cd6f247c046ed24a02b1e
- SHA256: 5080ed67e57475e333697442dc91ad803ed179fa5760ed69bec0114cee67c282
- SHA512: 1e74a70f761b4f0df39240c37451b043f020011e9c3d0ab3783b0665370d205fe1b72fa98d864b0f7edbdad92169e5d66e621af6ea9836fd3d05e23288f7bd84
- SSDEEP: 49152:EQFRHrmQG+yrjQG+yrmQ8QG+EQG+yrwQG+yromQG+yrtQG+EQG+yrwQG+yrP+yrE:EcKXipzM1JzMsipbsjN
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 232, process mrz.exe
- Suspicious use of FindShellTrayWindow (1 IoC)
  pid 232, process mrz.exe
- Suspicious use of SendNotifyMessage (1 IoC)
  pid 232, process mrz.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid 232, process mrz.exe
  pid 232, process mrz.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | process | procid_target
  PID 4796 wrote to memory of 232 | 4796 | ca3d730a970c8976017c04f58c92af52.exe | 87
  PID 4796 wrote to memory of 232 | 4796 | ca3d730a970c8976017c04f58c92af52.exe | 87
  PID 4796 wrote to memory of 232 | 4796 | ca3d730a970c8976017c04f58c92af52.exe | 87
Processes
- C:\Users\Admin\AppData\Local\Temp\ca3d730a970c8976017c04f58c92af52.exe (PID: 4796)
  Command line: "C:\Users\Admin\AppData\Local\Temp\ca3d730a970c8976017c04f58c92af52.exe"
  - Suspicious use of WriteProcessMemory
  - Child process: C:\Users\Admin\AppData\Local\Temp\mrz.exe (PID: 232)
    Command line: C:\Users\Admin\AppData\Local\Temp\mrz.exe -run C:\Users\Admin\AppData\Local\Temp\ca3d730a970c8976017c04f58c92af52.exe
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 9.7MB
  MD5: 783d3661c5bb7a36de00f6e447539164
  SHA1: 92c5a6a76295982f95f123541b2bbd9fbc21bb93
  SHA256: 7510378f763db16e9734f39168015c67b1e58d8a53c04ed3362491f57377ee74
  SHA512: 120342ea43ab487716484391a817df26be85a2932f47ba37a31733a6806dd8336fd0309c6ac03e35015ef1db19dbee8c80cbaf44cb25440751d299189431d9e9