Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
87s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
07/04/2024, 00:02
Behavioral task
behavioral1
Sample
a58fd625bf63b8a73ef378fe80f7570a26926089df7196dc4254011aaf3b4ed5.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a58fd625bf63b8a73ef378fe80f7570a26926089df7196dc4254011aaf3b4ed5.exe
Resource
win10v2004-20231215-en
General
-
Target
a58fd625bf63b8a73ef378fe80f7570a26926089df7196dc4254011aaf3b4ed5.exe
-
Size
449KB
-
MD5
74fe65d5e23e006e59e09de6e3c92e15
-
SHA1
571424032ebbd55453af2a725357183ef94a23d4
-
SHA256
a58fd625bf63b8a73ef378fe80f7570a26926089df7196dc4254011aaf3b4ed5
-
SHA512
6f13e6e6cc9026b014aabb1ec1e06b756adabe7b8a9fc267a99c1ef234a1a0fd2b3ba5d9f673addd9a2932601200c79157bfe6d995b2cd35f13b7115ae3f1055
-
SSDEEP
12288:NJu6lfyi4fabr9jy4BNKOSuDVh+vh4tH1jo3rqsh2T:N8XfyhLNKQVhKutH1jo3Phu
Malware Config
Signatures
-
UPX dump on OEP (original entry point) 2 IoCs
resource yara_rule behavioral2/memory/2428-0-0x0000000000400000-0x000000000045F000-memory.dmp UPX behavioral2/files/0x000200000001e6ae-6.dat UPX -
Modifies AppInit DLL entries 2 TTPs
-
Executes dropped EXE 1 IoCs
pid Process 2644 frviiqj.exe -
resource yara_rule behavioral2/memory/2428-0-0x0000000000400000-0x000000000045F000-memory.dmp upx behavioral2/files/0x000200000001e6ae-6.dat upx -
Drops file in Program Files directory 2 IoCs
description ioc Process File created C:\PROGRA~3\Mozilla\frviiqj.exe a58fd625bf63b8a73ef378fe80f7570a26926089df7196dc4254011aaf3b4ed5.exe File created C:\PROGRA~3\Mozilla\sjqrgse.dll frviiqj.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\a58fd625bf63b8a73ef378fe80f7570a26926089df7196dc4254011aaf3b4ed5.exe"C:\Users\Admin\AppData\Local\Temp\a58fd625bf63b8a73ef378fe80f7570a26926089df7196dc4254011aaf3b4ed5.exe"1⤵
- Drops file in Program Files directory
PID:2428
-
C:\PROGRA~3\Mozilla\frviiqj.exeC:\PROGRA~3\Mozilla\frviiqj.exe -myayasb1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2644
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
449KB
MD5c9634b9e4dac3039731c06cf47449034
SHA14db197c901064b885714091b3195050059059ab7
SHA256536d929d73cd8e4bbef9f046c0abd2e4c4dd09039053b6d5b9f54f54c0978b61
SHA51255e5f1c2496a2784bf752fff783b02a895d547d4bab070d5afbc7bbb191a8bb85b1d03397a273c88c599fa9ade6d99639b95f88f8cae8faa78796d2c3cb305a7