Analysis

  • max time kernel
    92s
  • max time network
    110s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07/04/2024, 00:02

General

  • Target

    a5cb0ce193b7041a4c0b899dd0642c6a4816c85bdc28c29d31ae3abc6c50d78b.exe

  • Size

    145KB

  • MD5

    7559bf3cfd57470b2f3966cdb437bc2c

  • SHA1

    a73e47fd139fb86ba6e88d584f1e67684625420a

  • SHA256

    a5cb0ce193b7041a4c0b899dd0642c6a4816c85bdc28c29d31ae3abc6c50d78b

  • SHA512

    6b6fc3e76e5d3b3f051fb062cbfb57bcaa1504f7316e0736703ddfbe84e3b2bdfe862d649f6dc97c94c59c2660e233288b4e89ed21a5f0b6ac4f8fdb68f09757

  • SSDEEP

    3072:+apQLsjnOYOKOpGQ2ly+4yHyisr7O8CMFPv3yJDUKb80v4:+aIsfQ28+4R7T5vrsX4

Score
8/10

Malware Config

Signatures

  • Modifies AppInit DLL entries (2 TTPs)
  • Executes dropped EXE (1 IoC)
  • Drops file in Program Files directory (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\a5cb0ce193b7041a4c0b899dd0642c6a4816c85bdc28c29d31ae3abc6c50d78b.exe (PID 5084, tree depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\a5cb0ce193b7041a4c0b899dd0642c6a4816c85bdc28c29d31ae3abc6c50d78b.exe"
    • Drops file in Program Files directory
  • C:\PROGRA~3\Mozilla\qhdqeom.exe (PID 2732, tree depth 1)
    Command line: C:\PROGRA~3\Mozilla\qhdqeom.exe -tgbfvga
    • Executes dropped EXE
    • Drops file in Program Files directory
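The report records two things a responder would want to verify on a suspect host: a change to the AppInit DLL entries, and a second copy of the binary dropped under C:\PROGRA~3\Mozilla\ that the sandbox then saw running with the argument -tgbfvga as its own top-level process (both entries sit at tree depth 1, so the dropped executable is not shown as a child of the original sample). The PowerShell below is an added host-side check written for this page, not part of the tria.ge report or the sample. It assumes a Windows 10 x64 host like the sandbox image, that the 8.3 alias PROGRA~3 resolves to C:\ProgramData (8.3 names depend on directory creation order, so the script resolves the alias instead of trusting it), and it uses only the hashes and paths printed above.

```powershell
# Added triage check for the indicators in the report above. Not sandbox output.
# Assumptions: Windows 10 x64 host; C:\PROGRA~3 is expected (not guaranteed) to be C:\ProgramData.
$ErrorActionPreference = 'SilentlyContinue'

# Indicators copied from the report (Get-FileHash returns uppercase hex).
$SampleSha256     = 'A5CB0CE193B7041A4C0B899DD0642C6A4816C85BDC28C29D31AE3ABC6C50D78B'
$DroppedExeSha256 = '650BC67FF05EACC5F5752D8D87F7392A9B338804CCB05D095E3E95D72A9255FC'

# 1. AppInit_DLLs. On x64 there is a native and a WOW64 view; both must be read.
$appInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)
foreach ($key in $appInitKeys) {
    $props = Get-ItemProperty -Path $key
    if ($null -eq $props) { continue }
    [pscustomobject]@{
        Key                       = $key
        AppInit_DLLs              = $props.AppInit_DLLs
        LoadAppInit_DLLs          = $props.LoadAppInit_DLLs
        RequireSignedAppInit_DLLs = $props.RequireSignedAppInit_DLLs
    }
    # A clean host has an empty AppInit_DLLs value; any path here deserves a look.
    if (-not [string]::IsNullOrWhiteSpace($props.AppInit_DLLs)) {
        Write-Warning "Non-empty AppInit_DLLs under ${key}: $($props.AppInit_DLLs)"
    }
}

# 2. Resolve the 8.3 path the sandbox logged and hash every executable found there.
$dropItem = Get-Item -Path 'C:\PROGRA~3\Mozilla'
$dropDir  = if ($dropItem) { $dropItem.FullName } else { 'C:\ProgramData\Mozilla' }  # fallback is an assumption
if ($dropItem) {
    Get-ChildItem -Path $dropDir -Filter '*.exe' -File | ForEach-Object {
        $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        $verdict = switch ($hash) {
            $DroppedExeSha256 { 'matches dropped qhdqeom.exe from report' }
            $SampleSha256     { 'matches original sample from report' }
            default           { 'hash differs; compare size (145KB) and ssdeep before dismissing' }
        }
        [pscustomobject]@{
            Path    = $_.FullName
            SizeKB  = [int]($_.Length / 1KB)
            SHA256  = $hash
            Verdict = $verdict
        }
    }
} else {
    Write-Output "No directory at C:\PROGRA~3\Mozilla (resolved target would be $dropDir)"
}

# 3. Live processes launched from that directory, with the command line the report shows (-tgbfvga).
Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.ExecutablePath -like "$dropDir\*" } |
    Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine
```

Two caveats when reading the output. The AppInit_DLLs mechanism is disabled by Windows when Secure Boot is enabled on Windows 8 and later, so a populated value on such a host is still an indicator of tampering but does not by itself prove a DLL was loaded; check LoadAppInit_DLLs and Secure Boot state before concluding either way. And the two files on the page differ in hash while sharing the 145KB size, so a size match alone is not a hit: compare the SHA256 values, and fall back to the SSDEEP above only for near-duplicates.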

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\PROGRA~3\Mozilla\qhdqeom.exe
    Filesize: 145KB
    MD5: 64fa377fb3e18cb5d8c17085b20a4f23
    SHA1: 5da1a85ec686576babada76ed0f9d341aaaafd29
    SHA256: 650bc67ff05eacc5f5752d8d87f7392a9b338804ccb05d095e3e95d72a9255fc
    SHA512: 6e8b0235d883358eb1b8ee6cf89d8e6154c15b6036d87037359ef9444276d2492faa262a5a37985b5ef3267f639098da84762e3526f409fd7271f071bf82a39f
  • memory/2732-10-0x0000000000400000-0x0000000000463000-memory.dmp (396KB)
  • memory/2732-11-0x0000000000400000-0x0000000000463000-memory.dmp (396KB)
  • memory/2732-12-0x0000000000400000-0x0000000000463000-memory.dmp (396KB)
  • memory/2732-16-0x0000000000400000-0x0000000000463000-memory.dmp (396KB)
  • memory/5084-0-0x0000000000400000-0x0000000000463000-memory.dmp (396KB)
  • memory/5084-1-0x0000000000400000-0x0000000000463000-memory.dmp (396KB)
  • memory/5084-2-0x00000000004F0000-0x00000000004F2000-memory.dmp (8KB)
  • memory/5084-3-0x0000000000400000-0x0000000000463000-memory.dmp (396KB)
  • memory/5084-9-0x0000000000400000-0x0000000000463000-memory.dmp (396KB)