Analysis
- max time kernel: 148s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07/04/2024, 00:04
Static task: static1
Behavioral task: behavioral1
- Sample: a69981a878709618f303c86cbd049a173cea8270aeac6fbffee91e7e80dd6afc.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: a69981a878709618f303c86cbd049a173cea8270aeac6fbffee91e7e80dd6afc.exe
- Resource: win10v2004-20240226-en
General
- Target: a69981a878709618f303c86cbd049a173cea8270aeac6fbffee91e7e80dd6afc.exe
- Size: 294KB
- MD5: 1aa6ba1492260ac57efa79844453071e
- SHA1: df88da561fd0f601835d5b2c3596ff8403b86cb7
- SHA256: a69981a878709618f303c86cbd049a173cea8270aeac6fbffee91e7e80dd6afc
- SHA512: cb4b9ed1a901a225815ee6dee22d0471406a207af681a9839240313c47c67b95758d382734804214aadbd661b6c122d058fe84bf93fd9fdd6d67a141f7122233
- SSDEEP: 6144:3CYJ0xABvBdKFb7204ANePzM5dg999999999V99999999999b89TSbGqJB:yYCxabKJ727RPzM5G999999999V99991
Malware Config
(none extracted)
Signatures
- Modifies AppInit DLL entries (2 TTPs)
- Executes dropped EXE (1 IoC)
  pid | Process
  1372 | ktyqhhb.exe
- Drops file in Program Files directory (2 IoCs)
  description | ioc | Process
  File created | C:\PROGRA~3\Mozilla\ixnvdrc.dll | ktyqhhb.exe
  File created | C:\PROGRA~3\Mozilla\ktyqhhb.exe | a69981a878709618f303c86cbd049a173cea8270aeac6fbffee91e7e80dd6afc.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\a69981a878709618f303c86cbd049a173cea8270aeac6fbffee91e7e80dd6afc.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\a69981a878709618f303c86cbd049a173cea8270aeac6fbffee91e7e80dd6afc.exe"
  Signatures: Drops file in Program Files directory
  PID: 5116
- C:\PROGRA~3\Mozilla\ktyqhhb.exe
  Command line: C:\PROGRA~3\Mozilla\ktyqhhb.exe -arwhcpc
  Signatures: Executes dropped EXE; Drops file in Program Files directory
  PID: 1372
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 294KB
- MD5: 79270eddd673b4bc3c54d5ed6f8eac9d
- SHA1: 48724738bb182ddc8776c9ed13aefe3dc2fec8a1
- SHA256: 8847b9dd3fc0f998ced95c9fc4d7228cd4e6c742b96e0a9f5b6b77a4ae428f09
- SHA512: 7739799c832a0465b7fd718b5cc8f85a32a56dae7d086e4f252d4d702532b92a8647b1a5b08020a810e986335babbb4097846151a9798c939084d5de6a46bc49