Analysis
max time kernel: 150s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07/04/2024, 18:23
Static task: static1
Behavioral task: behavioral1
Sample: 08e2c4cab6f6714c9684e197ec95e52174bf8d8238bf46ef3656e98ef0e132aa.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 08e2c4cab6f6714c9684e197ec95e52174bf8d8238bf46ef3656e98ef0e132aa.exe
Resource: win10v2004-20240226-en
General
Target: 08e2c4cab6f6714c9684e197ec95e52174bf8d8238bf46ef3656e98ef0e132aa.exe
Size: 180KB
MD5: e12021fd82eb6f5ceedd204aff7cac61
SHA1: f2cbc4b55eb80c5e3346abdc5010c95ff7395ab8
SHA256: 08e2c4cab6f6714c9684e197ec95e52174bf8d8238bf46ef3656e98ef0e132aa
SHA512: 40ad240a03f43983943f58ef153e37ef9c7e207505f22b9b3d5e3cb88d2ad8529029b38ef2d8d0c1d3def3997cebd2d31a229475ceb986268868635b8f7b1e36
SSDEEP: 3072:6chyinW3ky2yCvryQUFrUUOxjnw89JnszQcJdX9:ain4kB+ZUUOxF52dX9
Malware Config
Signatures
Modifies AppInit DLL entries (2 TTPs)
Executes dropped EXE (1 IoC)
pid | Process
2372 | gfuniul.exe
Drops file in Program Files directory (2 IoCs)
description | ioc | Process
File created | C:\PROGRA~3\Mozilla\gfuniul.exe | 08e2c4cab6f6714c9684e197ec95e52174bf8d8238bf46ef3656e98ef0e132aa.exe
File created | C:\PROGRA~3\Mozilla\kzlcazd.dll | gfuniul.exe
Processes
C:\Users\Admin\AppData\Local\Temp\08e2c4cab6f6714c9684e197ec95e52174bf8d8238bf46ef3656e98ef0e132aa.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\08e2c4cab6f6714c9684e197ec95e52174bf8d8238bf46ef3656e98ef0e132aa.exe"
PID: 860
Signatures: Drops file in Program Files directory

C:\PROGRA~3\Mozilla\gfuniul.exe
Command line: C:\PROGRA~3\Mozilla\gfuniul.exe -lfdzfzd
PID: 2372
Signatures: Executes dropped EXE; Drops file in Program Files directory
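Host-side triage for the artifacts this report records: the AppInit_DLLs persistence/injection point (the "Modifies AppInit DLL entries" signature), the two files dropped under C:\PROGRA~3\Mozilla, and a running gfuniul.exe. This is an added PowerShell example, not part of the tria.ge report. It assumes the 8.3 short name C:\PROGRA~3 resolves to C:\ProgramData (the usual case, despite the signature's "Program Files" wording), that the script is run elevated, and that the SHA256 values from the General and Downloads sections identify the files of interest; any other hash is reported as unknown rather than assumed benign.

```powershell
# Added triage script (not from the tria.ge report). Run elevated on the suspect host.
# Assumption: the SHA256 values below are taken from the report's General and Downloads sections.
$KnownSha256 = @{
    '08e2c4cab6f6714c9684e197ec95e52174bf8d8238bf46ef3656e98ef0e132aa' = 'original sample (General section)'
    '411bd1dced55148fb14da33d63f6ed72861b45fbc753a27a0a254088eaf178a6' = 'file listed in the Downloads section'
}

# Assumption: C:\PROGRA~3 is the 8.3 short name for C:\ProgramData.
$DropPaths = @(
    (Join-Path $env:ProgramData 'Mozilla\gfuniul.exe'),
    (Join-Path $env:ProgramData 'Mozilla\kzlcazd.dll')
)

# 1. AppInit_DLLs (MITRE ATT&CK T1546.010). On x64 hosts both the native and the
#    WOW64 view of the key can carry a DLL path, so check both.
$AppInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)
foreach ($key in $AppInitKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key
    [pscustomobject]@{
        Key                       = $key
        AppInit_DLLs              = $props.AppInit_DLLs
        LoadAppInit_DLLs          = $props.LoadAppInit_DLLs
        RequireSignedAppInit_DLLs = $props.RequireSignedAppInit_DLLs
    }
    # A non-empty AppInit_DLLs value means every process that loads user32.dll
    # will also load the listed DLL; treat it as a finding regardless of the path.
    if ($props.AppInit_DLLs -and $props.AppInit_DLLs.Trim() -ne '') {
        Write-Warning "AppInit_DLLs is populated under $key : $($props.AppInit_DLLs)"
    }
}

# 2. Dropped files: presence on disk plus SHA256 comparison with the report.
foreach ($path in $DropPaths) {
    if (Test-Path -LiteralPath $path) {
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash.ToLower()
        $label = if ($KnownSha256.ContainsKey($hash)) { $KnownSha256[$hash] } else { 'hash not in report' }
        Write-Warning "Found $path SHA256=$hash [$label]"
    }
}

# 3. Live instance of the dropped executable. The sandbox observed it launched with
#    the argument '-lfdzfzd'; the full command line is returned so it can be compared.
Get-CimInstance Win32_Process -Filter "Name = 'gfuniul.exe'" |
    Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine
```

A populated AppInit_DLLs value is worth investigating even when LoadAppInit_DLLs is 0 or RequireSignedAppInit_DLLs is 1, since those settings only gate whether the DLL is loaded, not whether the persistence write happened.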
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 180KB
MD5: 7055424a4ce404171dbb6d8e10140e8e
SHA1: e5cc42ad4b6da598f4b926254fa6fe88ce860ac1
SHA256: 411bd1dced55148fb14da33d63f6ed72861b45fbc753a27a0a254088eaf178a6
SHA512: 5b23dc54543df839ed9b1dd686540fc5e0b3c92555657f2cca6542b1b5251152bbdc954cea368dced4e4a01db59de4956c4f42e6c9c70ec45fffa1ce16ce4624