Analysis
max time kernel: 92s
max time network: 110s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07/04/2024, 00:02
Static task: static1
Behavioral task behavioral1: sample a5cb0ce193b7041a4c0b899dd0642c6a4816c85bdc28c29d31ae3abc6c50d78b.exe, resource win7-20240221-en
Behavioral task behavioral2: sample a5cb0ce193b7041a4c0b899dd0642c6a4816c85bdc28c29d31ae3abc6c50d78b.exe, resource win10v2004-20240226-en
General
Target: a5cb0ce193b7041a4c0b899dd0642c6a4816c85bdc28c29d31ae3abc6c50d78b.exe
Size: 145KB
MD5: 7559bf3cfd57470b2f3966cdb437bc2c
SHA1: a73e47fd139fb86ba6e88d584f1e67684625420a
SHA256: a5cb0ce193b7041a4c0b899dd0642c6a4816c85bdc28c29d31ae3abc6c50d78b
SHA512: 6b6fc3e76e5d3b3f051fb062cbfb57bcaa1504f7316e0736703ddfbe84e3b2bdfe862d649f6dc97c94c59c2660e233288b4e89ed21a5f0b6ac4f8fdb68f09757
SSDEEP: 3072:+apQLsjnOYOKOpGQ2ly+4yHyisr7O8CMFPv3yJDUKb80v4:+aIsfQ28+4R7T5vrsX4
Malware Config
Signatures
Modifies AppInit DLL entries (2 TTPs)

Executes dropped EXE (1 IoC)
PID  | Process
2732 | qhdqeom.exe

Drops file in Program Files directory (2 IoCs)
Description  | IoC                             | Process
File created | C:\PROGRA~3\Mozilla\qhdqeom.exe | a5cb0ce193b7041a4c0b899dd0642c6a4816c85bdc28c29d31ae3abc6c50d78b.exe
File created | C:\PROGRA~3\Mozilla\ijdurdi.dll | qhdqeom.exe
Processes
C:\Users\Admin\AppData\Local\Temp\a5cb0ce193b7041a4c0b899dd0642c6a4816c85bdc28c29d31ae3abc6c50d78b.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\a5cb0ce193b7041a4c0b899dd0642c6a4816c85bdc28c29d31ae3abc6c50d78b.exe"
  PID: 5084
  Signatures: Drops file in Program Files directory

C:\PROGRA~3\Mozilla\qhdqeom.exe (depth 1)
  Command line: C:\PROGRA~3\Mozilla\qhdqeom.exe -tgbfvga
  PID: 2732
  Signatures: Executes dropped EXE; Drops file in Program Files directory
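The signatures and process tree describe a short persistence chain: the sample writes qhdqeom.exe under C:\PROGRA~3\Mozilla\, that binary runs with a -tgbfvga argument, drops ijdurdi.dll beside itself, and AppInit DLL entries are modified. AppInit_DLLs (MITRE ATT&CK T1546.010) makes every process that loads user32.dll also load the listed DLLs while LoadAppInit_DLLs is 1; it is disabled on Windows 8 and later when Secure Boot is on, so the technique is mainly a concern on the Windows 7 task and on hosts without Secure Boot. The script below is an added example, not part of the tria.ge report, that turns these observations into a hunt over Sysmon-style events (process create, file create, registry set). It assumes: events are plain dicts with the fields shown; C:\PROGRA~3 is the 8.3 short name of C:\ProgramData (true on a default install, where PROGRA~1 and PROGRA~2 are the two Program Files directories); and the exact AppInit_DLLs value written by the sample, which the report does not show, so event 5 below is an assumed event. The sample events are constructed for the demo; the two SHA256 values are the Target and Downloads hashes from the report.

```python
# Added example (not from the tria.ge report): hunt for the behaviour above in
# Sysmon-style events. SAMPLE_EVENTS are constructed; see lead-in for assumptions.

IOC_SHA256 = {
    # Target hash and the hash listed under Downloads, both from the report
    "a5cb0ce193b7041a4c0b899dd0642c6a4816c85bdc28c29d31ae3abc6c50d78b",
    "650bc67ff05eacc5f5752d8d87f7392a9b338804ccb05d095e3e95d72a9255fc",
}
DROPPED_FILES = {"qhdqeom.exe", "ijdurdi.dll"}   # from the Signatures table
DROP_DIR = "c:\\programdata\\mozilla\\"            # drop directory after 8.3 expansion

# AppInit_DLLs / LoadAppInit_DLLs live under this key; 32-bit processes on x64
# read the WOW6432Node copy, so both views must be checked.
APPINIT_KEYS = {
    r"hklm\software\microsoft\windows nt\currentversion\windows",
    r"hklm\software\wow6432node\microsoft\windows nt\currentversion\windows",
}
APPINIT_VALUES = {"appinit_dlls", "loadappinit_dlls"}

# Assumption: C:\PROGRA~3 is the 8.3 alias of C:\ProgramData (default install).
SHORT_NAMES = {"c:\\progra~3\\": "c:\\programdata\\"}


def norm(path):
    """Lower-case a Windows path, strip surrounding quotes, expand known 8.3 prefixes."""
    p = path.strip('"').lower()
    for short, long in SHORT_NAMES.items():
        if p.startswith(short):
            p = long + p[len(short):]
    return p


def hunt(events):
    """Return (rule, event_id) pairs for every event that matches an IoC or behaviour."""
    hits = []
    for e in events:
        eid = e["id"]
        if (e.get("sha256") or "").lower() in IOC_SHA256:
            hits.append(("ioc_hash", eid))
        if e["type"] == "file_create":
            p = norm(e["target"])
            if p.startswith(DROP_DIR) and p.rsplit("\\", 1)[-1] in DROPPED_FILES:
                hits.append(("dropped_file", eid))
        elif e["type"] == "registry_set":
            key, _, value = e["target"].rpartition("\\")   # split key path / value name
            if key.lower() in APPINIT_KEYS and value.lower() in APPINIT_VALUES:
                rule = "appinit_dll_modified"
                if DROP_DIR in norm(e.get("data", "")):   # value points into the drop dir
                    rule = "appinit_dll_points_to_drop_dir"
                hits.append((rule, eid))
        elif e["type"] == "process_create":
            if norm(e["image"]).startswith(DROP_DIR):
                hits.append(("exec_from_drop_dir", eid))
    return hits


SAMPLE_EVENTS = [  # constructed, modelled on the process tree and signatures above
    {"id": 1, "type": "process_create",
     "image": r"C:\Users\Admin\AppData\Local\Temp\a5cb0ce193b7041a4c0b899dd0642c6a4816c85bdc28c29d31ae3abc6c50d78b.exe",
     "sha256": "a5cb0ce193b7041a4c0b899dd0642c6a4816c85bdc28c29d31ae3abc6c50d78b"},
    {"id": 2, "type": "file_create", "target": r"C:\PROGRA~3\Mozilla\qhdqeom.exe"},
    {"id": 3, "type": "process_create", "image": r"C:\PROGRA~3\Mozilla\qhdqeom.exe",
     "cmdline": r"C:\PROGRA~3\Mozilla\qhdqeom.exe -tgbfvga"},
    {"id": 4, "type": "file_create", "target": r"C:\PROGRA~3\Mozilla\ijdurdi.dll"},
    {"id": 5, "type": "registry_set",  # assumed: report only says AppInit entries changed
     "target": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs",
     "data": r"C:\PROGRA~3\Mozilla\ijdurdi.dll"},
    {"id": 6, "type": "file_create",   # benign: real Firefox install path, not the drop dir
     "target": r"C:\Program Files\Mozilla Firefox\firefox.exe"},
    {"id": 7, "type": "registry_set",  # benign: unrelated value under the same key
     "target": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DeviceNotSelectedTimeout",
     "data": "15"},
]

if __name__ == "__main__":
    for rule, eid in hunt(SAMPLE_EVENTS):
        print(f"event {eid}: {rule}")
```

On a live host the same rules map onto Sysmon Event ID 1 (Image, Hashes), 11 (TargetFilename) and 13 (TargetObject, Details); the 8.3 expansion matters because the sandbox recorded the short form and an EDR may log either spelling. The registry rule deliberately fires on any write to the two AppInit values, not only on the drop-dir path, since a clean AppInit_DLLs value is almost always empty.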
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 145KB
MD5: 64fa377fb3e18cb5d8c17085b20a4f23
SHA1: 5da1a85ec686576babada76ed0f9d341aaaafd29
SHA256: 650bc67ff05eacc5f5752d8d87f7392a9b338804ccb05d095e3e95d72a9255fc
SHA512: 6e8b0235d883358eb1b8ee6cf89d8e6154c15b6036d87037359ef9444276d2492faa262a5a37985b5ef3267f639098da84762e3526f409fd7271f071bf82a39f