Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
16/03/2024, 09:15
General
-
Target
cdabfe66fc80501cdedcd3fe3d54f52f.exe
-
Size
22.1MB
-
MD5
cdabfe66fc80501cdedcd3fe3d54f52f
-
SHA1
235fe120625e5596b287aa3b243a2f304947bb34
-
SHA256
cd553ca816d9ed51f4d6da1a4cbd2f31e480a47764d5480433f5f2b032c99495
-
SHA512
627eaaabd440f620039281735d3f6f484a096c7b84d7f8ffee8fdcc202f53113ee3a3091bb029799d8d8e501306258bfa4d18332a001a1077821bcefc9de713a
-
SSDEEP
393216:BVQEwIs7x/YqwoczqjhOFnjbWD9PtWFBZFuUyk0fI+1yZI:BKosGsXtW7ZFv7rZI
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 16 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cdabfe66fc80501cdedcd3fe3d54f52f.exe"C:\Users\Admin\AppData\Local\Temp\cdabfe66fc80501cdedcd3fe3d54f52f.exe"1⤵
- Checks computer location settings
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\SnapStream Media\Installers\2507\MsiWebBootStrap.exe"C:\Program Files (x86)\SnapStream Media\Installers\2507\MsiWebBootStrap.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
112KB
MD5d136b4df85f5786d58c38db5f9223485
SHA1124f09fdd4fae86647d65fd6a0cd7b0c92015287
SHA256717074e244078a168614fd956a39c3a54a02c2a772a980faf26e8bf63792c973
SHA51273fef55cb36069af80e776737a6bead502d2182ce9097c9a82fb9f593378c111417288b2dd80646c60017cef602b880753a2d44d81c4b732a3ccc0ae67dca6de
-
Filesize
4KB
MD5d206a3079d4a04b16326ddb6254f10ee
SHA1632b0231bf797b06db48ce496a67ef9a49627662
SHA2560ecc4fa37f5f331f7a86d42b0bcf1fe350092a6882e8b0f3dd76c9c22a697b8b
SHA51282c022a5f0709a6f38d940d3139f52cee7749116c8dac2aef37cf6333b205b00ca98c5cf597fcb2e00391a2a76b84f16ba9c23882f8e487cee2f7215610ab048
-
Filesize
340KB
MD586f1895ae8c5e8b17d99ece768a70732
SHA1d5502a1d00787d68f548ddeebbde1eca5e2b38ca
SHA2568094af5ee310714caebccaeee7769ffb08048503ba478b879edfef5f1a24fefe
SHA5123b7ce2b67056b6e005472b73447d2226677a8cadae70428873f7efa5ed11a3b3dbf6b1a42c5b05b1f2b1d8e06ff50dfc6532f043af8452ed87687eefbf1791da
-
Filesize
80KB
MD506eea85a956ac4fea21ee997e73d78c3
SHA10426c5d1683d5d05cdc1504ae0c255ff92f6ed98
SHA256001107fd73f1a82f993190dfae53d63f38aa1025ee69f97fe66a67d9f43c2272
SHA512f5ba47e1048f34628d4bd9600c8016dac9ec000be48303dd1b5030f6953b7d3130d3172f7b4386b813cc4817539f4e2f4f91fb8c9a6fe18d4c3fed6a004f9d85
-
Filesize
144KB
-
Filesize
144KB