Analysis
  max time kernel: 149s
  max time network: 156s
  platform: windows10-2004_x64
  resource: win10v2004-20240226-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 25/03/2024, 13:38
Static task: static1
Behavioral task: behavioral1
  Sample: de2310fa8ae58fac0857a8d868d30a5b.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: de2310fa8ae58fac0857a8d868d30a5b.exe
  Resource: win10v2004-20240226-en
General
  Target: de2310fa8ae58fac0857a8d868d30a5b.exe
  Size: 27KB
  MD5: de2310fa8ae58fac0857a8d868d30a5b
  SHA1: 3308997e14249bc58a4e1b1bd0d752c3664a30a4
  SHA256: 77aaca79b369a7c8b6d39e019babaf24b7eb6ddec47f275332649f5d9a06fecf
  SHA512: 07607864fb1b40616e0a88030e1f6eecd66205283078f1a07e2ceeb7e8b541c831f9fe3f4cf06bceeb7f81da577bbfd037a78e8ef263629892f3ab26d892257d
  SSDEEP: 384:Psg7s+NENANJxjE3SahqB0OXS1qp0g+0lKQHCJYzu+4Wwqt71/Gpn3Kl7UoHtLoG:PHWA3uSahqqC0gPcYzu+0g/GpeNLd
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid: 112
  Process: winudpmgr.exe
Adds Run key to start application (2 TTPs, 1 IoC)
  description: Set value (str)
  ioc: \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center = "winudpmgr.exe"
  Process: de2310fa8ae58fac0857a8d868d30a5b.exe
Drops file in Windows directory (2 IoCs)
  description: File created
  ioc: C:\Windows\winudpmgr.exe
  Process: de2310fa8ae58fac0857a8d868d30a5b.exe
  description: File opened for modification
  ioc: C:\Windows\winudpmgr.exe
  Process: de2310fa8ae58fac0857a8d868d30a5b.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 4268 wrote to memory of 112
  pid: 4268
  Process: de2310fa8ae58fac0857a8d868d30a5b.exe
  procid_target: 97
  (identical entry recorded 3 times)
Processes
  C:\Users\Admin\AppData\Local\Temp\de2310fa8ae58fac0857a8d868d30a5b.exe
    command line: "C:\Users\Admin\AppData\Local\Temp\de2310fa8ae58fac0857a8d868d30a5b.exe"
    PID: 4268
    - Adds Run key to start application
    - Drops file in Windows directory
    - Suspicious use of WriteProcessMemory
    C:\Windows\winudpmgr.exe
      command line: "C:\Windows\winudpmgr.exe"
      PID: 112
      - Executes dropped EXE
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1032 --field-trial-handle=2700,i,14629483171127516024,12350888228055326066,262144 --variations-seed-version /prefetch:8
    PID: 1880
Network
MITRE ATT&CK Enterprise v15
Downloads
  Filesize: 27KB
  MD5: de2310fa8ae58fac0857a8d868d30a5b
  SHA1: 3308997e14249bc58a4e1b1bd0d752c3664a30a4
  SHA256: 77aaca79b369a7c8b6d39e019babaf24b7eb6ddec47f275332649f5d9a06fecf
  SHA512: 07607864fb1b40616e0a88030e1f6eecd66205283078f1a07e2ceeb7e8b541c831f9fe3f4cf06bceeb7f81da577bbfd037a78e8ef263629892f3ab26d892257d