Analysis
max time kernel: 120s
max time network: 158s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27/03/2024, 23:57
Static task: static1
Behavioral task: behavioral1
  Sample: c253c1ce5b84972f259627ebb9e02f963c977ea4581d2a71df0727c9e3154eff.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: c253c1ce5b84972f259627ebb9e02f963c977ea4581d2a71df0727c9e3154eff.exe
  Resource: win10v2004-20240226-en
General
Target: c253c1ce5b84972f259627ebb9e02f963c977ea4581d2a71df0727c9e3154eff.exe
Size: 79KB
MD5: 25f14759c42111d16846293dfda5abab
SHA1: 92e12ec8de614bc601868883159fea1b9815b1e4
SHA256: c253c1ce5b84972f259627ebb9e02f963c977ea4581d2a71df0727c9e3154eff
SHA512: 0aebbb4f3a87522ccb632a757b67a5e8e419fe97772259b7c389e0251dc061b1dc57fdbb7a94b4f731bb3edab1410b3afcd686bf484850d888937e844d43a6d3
SSDEEP: 1536:zvJhQ75mZBMZsOQA8AkqUhMb2nuy5wgIP0CSJ+5yFB8GMGlZ5G:zvcc4DGdqU7uy5w9WMyFN5G
Malware Config
Signatures

Executes dropped EXE (1 IoC)
pid   Process
3660  [email protected]

Suspicious use of WriteProcessMemory (6 IoCs)
description                          pid   Process                                                                   procid_target
PID 3636 wrote to memory of 1900     3636  c253c1ce5b84972f259627ebb9e02f963c977ea4581d2a71df0727c9e3154eff.exe  93
PID 3636 wrote to memory of 1900     3636  c253c1ce5b84972f259627ebb9e02f963c977ea4581d2a71df0727c9e3154eff.exe  93
PID 3636 wrote to memory of 1900     3636  c253c1ce5b84972f259627ebb9e02f963c977ea4581d2a71df0727c9e3154eff.exe  93
PID 1900 wrote to memory of 3660     1900  cmd.exe                                                                   94
PID 1900 wrote to memory of 3660     1900  cmd.exe                                                                   94
PID 1900 wrote to memory of 3660     1900  cmd.exe                                                                   94
Processes

C:\Users\Admin\AppData\Local\Temp\c253c1ce5b84972f259627ebb9e02f963c977ea4581d2a71df0727c9e3154eff.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\c253c1ce5b84972f259627ebb9e02f963c977ea4581d2a71df0727c9e3154eff.exe"
  Signatures: Suspicious use of WriteProcessMemory
  PID: 3636
    C:\Windows\SysWOW64\cmd.exe
    PID: 1900
      C:\Users\Admin\AppData\Local\Temp\[email protected]
      PID: 3660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4104 --field-trial-handle=3084,i,11997299123381683778,5904351605020331957,262144 --variations-seed-version /prefetch:8
  PID: 3272
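The process tree and the WriteProcessMemory rows above can be checked mechanically rather than read by eye. The following Python is an added example and not part of the Triage report: it rebuilds the tree from constructed process-creation events that reuse the report's PIDs and image paths (the dropped file's name is obfuscated on the page, so dropped.exe is a placeholder), flags executables started from a Temp directory that descend from the sample (the pattern behind "Executes dropped EXE"), and splits the WriteProcessMemory source/target pairs into writes that follow a parent-to-child creation edge versus writes into a process the sample did not start.

```python
"""Rebuild a sandbox process tree and check the 'dropped EXE' chain and the
WriteProcessMemory pairs against it. Events are constructed from the report."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: Optional[int]  # None when the parent is not among the events
    image: str


# Constructed events: PIDs and paths follow the report's Processes section.
# "dropped.exe" is a placeholder; the real file name is obfuscated on the page.
SAMPLE_IMAGE = (r"C:\Users\Admin\AppData\Local\Temp"
                r"\c253c1ce5b84972f259627ebb9e02f963c977ea4581d2a71df0727c9e3154eff.exe")
EVENTS = [
    ProcEvent(3636, None, SAMPLE_IMAGE),
    ProcEvent(1900, 3636, r"C:\Windows\SysWOW64\cmd.exe"),
    ProcEvent(3660, 1900, r"C:\Users\Admin\AppData\Local\Temp\dropped.exe"),
    ProcEvent(3272, None, r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"),
]

# (source pid, target pid) per row of 'Suspicious use of WriteProcessMemory';
# the report lists one row per call, hence the repeated pairs.
WPM_ROWS = [(3636, 1900)] * 3 + [(1900, 3660)] * 3


def is_temp_image(image: str) -> bool:
    """True if the image lives under a user's AppData\\Local\\Temp directory."""
    return "\\appdata\\local\\temp\\" in image.lower()


def ancestors(pid: int, by_pid: Dict[int, ProcEvent]) -> List[int]:
    """Parent, grandparent, ... of pid, stopping at a parent not in the events."""
    chain: List[int] = []
    cur = by_pid.get(pid)
    while cur is not None and cur.ppid is not None and cur.ppid in by_pid:
        chain.append(cur.ppid)
        cur = by_pid[cur.ppid]
    return chain


def find_dropped_exe_chains(events: List[ProcEvent], sample_pid: int) -> List[List[int]]:
    """One pid chain [sample, ..., child] per executable started from Temp
    that descends from the sample: the 'Executes dropped EXE' pattern."""
    by_pid = {e.pid: e for e in events}
    chains: List[List[int]] = []
    for e in events:
        if e.pid == sample_pid or not is_temp_image(e.image):
            continue
        anc = ancestors(e.pid, by_pid)
        if sample_pid in anc:
            chains.append(list(reversed(anc[:anc.index(sample_pid) + 1])) + [e.pid])
    return chains


def classify_wpm(rows: List[Tuple[int, int]],
                 events: List[ProcEvent]) -> Dict[str, Dict[Tuple[int, int], int]]:
    """Collapse repeated rows and separate writes along a parent->child creation
    edge from writes into a process the source did not create."""
    parent_of = {e.pid: e.ppid for e in events}
    out: Dict[str, Dict[Tuple[int, int], int]] = {"parent_to_child": {}, "cross_process": {}}
    for (src, dst), n in Counter(rows).items():
        key = "parent_to_child" if parent_of.get(dst) == src else "cross_process"
        out[key][(src, dst)] = n
    return out


def render_tree(events: List[ProcEvent]) -> str:
    """Indented tree in the style of the report's Processes section."""
    by_pid = {e.pid: e for e in events}
    children: Dict[int, List[int]] = defaultdict(list)
    roots: List[int] = []
    for e in events:
        (children[e.ppid] if e.ppid in by_pid else roots).append(e.pid)
    lines: List[str] = []

    def walk(pid: int, depth: int) -> None:
        lines.append(f"{'  ' * depth}{by_pid[pid].image}  PID:{pid}")
        for child in children[pid]:
            walk(child, depth + 1)

    for root in roots:
        walk(root, 0)
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_tree(EVENTS))
    for chain in find_dropped_exe_chains(EVENTS, 3636):
        print("dropped EXE chain:", " -> ".join(str(p) for p in chain))
    print(classify_wpm(WPM_ROWS, EVENTS))
```

On the report's data both WriteProcessMemory pairs (3636 to 1900, 1900 to 3660) line up with a parent-to-child edge in the tree, and the only Temp-resident descendant of the sample is PID 3660, reached via cmd.exe. A pair that did not match any creation edge, for example the sample writing into the unrelated msedge.exe process, would land in cross_process and is the case worth following up first.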
Network
MITRE ATT&CK Matrix
Downloads

C:\Users\Admin\AppData\Local\Temp\[email protected]
Filesize: 79KB
MD5: cf9037233719ccabbbe9c8eac9aba04f
SHA1: 3694030ed63dec429c77554edbf69d3c562d3920
SHA256: 99d5d461f6361aaf29d22555de6b8ad163583c31f5000d0ee270af9a6a812f01
SHA512: eedb03dfdb6127f6bbf41d53da2b1a8ec821c8cb16fe06f7411d63b79d3f43eb615e2c4abcfe3ac3dd28adacbd6b85c0d81e024cbffe7781e2add36329227c79