Analysis
max time kernel: 149s
max time network: 98s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27/03/2024, 23:53
Static task: static1
Behavioral task: behavioral1
  Sample: c0d6ad8a6aab6b38cbd58483420476747afcd7e1722a92780c8054e0307e34df.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: c0d6ad8a6aab6b38cbd58483420476747afcd7e1722a92780c8054e0307e34df.exe
  Resource: win10v2004-20240226-en
General
Target: c0d6ad8a6aab6b38cbd58483420476747afcd7e1722a92780c8054e0307e34df.exe
Size: 395KB
MD5: ef7cbea327c9b6b03723c7affa16b41d
SHA1: 9da04d2355a9ad916a33fb0abb633b1332745e1c
SHA256: c0d6ad8a6aab6b38cbd58483420476747afcd7e1722a92780c8054e0307e34df
SHA512: 31f19cbdb0b4dec9c79769e9c797b107d7f86f6b3742a15ac09c4baf55019c8d5c357a9d5aa6c8c9de3b32d9e9b70bb3f7c567bed5b24d02b0fffae91c1bbf0c
SSDEEP: 6144:AjlYKRF/LReWAsUy/ZQaE3iq3f+vknFCut30+A0EjocN1L8A2R:AjauDReWfQaE3iq3Vkut30uEksq
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid   Process
  3296  brlxq.exe
Adds Run key to start application (2 TTPs, 1 IoC)
  description: Set value (str)
  ioc: \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows® Operating System = "C:\\ProgramData\\brlxq.exe"
  Process: brlxq.exe
Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process                                                                    procid_target
  PID 3068 wrote to memory of 3296   3068  c0d6ad8a6aab6b38cbd58483420476747afcd7e1722a92780c8054e0307e34df.exe  86
  PID 3068 wrote to memory of 3296   3068  c0d6ad8a6aab6b38cbd58483420476747afcd7e1722a92780c8054e0307e34df.exe  86
  PID 3068 wrote to memory of 3296   3068  c0d6ad8a6aab6b38cbd58483420476747afcd7e1722a92780c8054e0307e34df.exe  86
Processes
1. C:\Users\Admin\AppData\Local\Temp\c0d6ad8a6aab6b38cbd58483420476747afcd7e1722a92780c8054e0307e34df.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\c0d6ad8a6aab6b38cbd58483420476747afcd7e1722a92780c8054e0307e34df.exe"
   PID: 3068
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\ProgramData\brlxq.exe
      Command line: "C:\ProgramData\brlxq.exe"
      PID: 3296
      Signatures: Executes dropped EXE; Adds Run key to start application
Network
MITRE ATT&CK Enterprise v15
Downloads