Analysis
- max time kernel: 1s
- max time network: 4s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 06/04/2024, 21:35
Static task: static1
Behavioral task: behavioral1
- Sample: satan.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: satan.exe
- Resource: win10v2004-20240226-en
General
- Target: satan.exe
- Size: 184KB
- MD5: c9c341eaf04c89933ed28cbc2739d325
- SHA1: c5b7d47aef3bd33a24293138fcba3a5ff286c2a8
- SHA256: 1a0a2fd546e3c05e15b2db3b531cb8e8755641f5f1c17910ce2fb7bbce2a05b7
- SHA512: 7cfa6ec0be0f5ae80404c6c709a6fd00ca10a18b6def5ca746611d0d32a9552f7961ab0ebf8a336b27f7058d700205be7fcc859a30d7d185aa9457267090f99b
- SSDEEP: 3072:H8SIBtQnE7OhssdWJ5jy392aCmCbBq0ryEbh/Wl7hqU6Q4NJ15xgDbvSY5thfRb3:c7qvhssdu5jyYaCmCQVE6hqUI5sb9Rb3
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (54 IoCs)
  - PID 868, process satan.exe (the same entry is repeated for each IoC)
Processes
- C:\Users\Admin\AppData\Local\Temp\satan.exe "C:\Users\Admin\AppData\Local\Temp\satan.exe" (PID: 868)
  - Suspicious behavior: EnumeratesProcesses
  - C:\Users\Admin\AppData\Local\Temp\satan.exe "C:\Users\Admin\AppData\Local\Temp\satan.exe" (PID: 1544)
    - C:\Users\Admin\AppData\Roaming\Qigoy\xicyy.exe "C:\Users\Admin\AppData\Roaming\Qigoy\xicyy.exe" (PID: 3740)
      - C:\Users\Admin\AppData\Roaming\Qigoy\xicyy.exe "C:\Users\Admin\AppData\Roaming\Qigoy\xicyy.exe" (PID: 1972)
    - C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp_f6414448.bat" (PID: 3200)
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 67KB
- MD5: 98bcf6d5352b2bfcbb0f20d282b06f8f
- SHA1: d36103010e02705567344b7af1cfdc827b044f79
- SHA256: f6a78ed057a4f006cdff47c49decbc5ae4f684ac6bf3afdf4f19797eb1d60280
- SHA512: 8c68df047576cb6e82f25522c7c05c56ea6289369bf271194db6494dfcf79f89d8caa9c5f685f009d9704af32ba799f9abf133af06602d32c913ab8b36c97be7