Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 92s
max time network: 128s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10/04/2024, 18:29
Static task: static1
Behavioral task: behavioral1
  Sample: 091eb587508e1e9810985c2c1a8ddf6b11854adf0e83830177ec3d0ae71f2205.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 091eb587508e1e9810985c2c1a8ddf6b11854adf0e83830177ec3d0ae71f2205.exe
  Resource: win10v2004-20240226-en
General
Target: 091eb587508e1e9810985c2c1a8ddf6b11854adf0e83830177ec3d0ae71f2205.exe
Size: 73KB
MD5: 0674b7da69bf5700192e3df91e6e9c96
SHA1: a1513d2c738968811b2f1ea6be74ee66bf3b0600
SHA256: 091eb587508e1e9810985c2c1a8ddf6b11854adf0e83830177ec3d0ae71f2205
SHA512: 83b269cdf066a9f4561faba37a012aae017d5504e73eef7ee42679c00c3f7c17ee4c582a97ef4e2a6a1027320190eb47a0385bfaa3adaa98e00d3bd60daa8990
SSDEEP: 1536:hbv3cJ5g500uSg9K5QPqfhVWbdsmA+RjPFLC+e5h+0ZGUGf2g:h7z00uSqNPqfcxA+HFsh+Og
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid: 4328, process: [email protected]
Suspicious use of WriteProcessMemory (9 IoCs)
  description / pid / process / procid_target:
  PID 2848 wrote to memory of 808 / 2848 / 091eb587508e1e9810985c2c1a8ddf6b11854adf0e83830177ec3d0ae71f2205.exe / 86
  PID 2848 wrote to memory of 808 / 2848 / 091eb587508e1e9810985c2c1a8ddf6b11854adf0e83830177ec3d0ae71f2205.exe / 86
  PID 2848 wrote to memory of 808 / 2848 / 091eb587508e1e9810985c2c1a8ddf6b11854adf0e83830177ec3d0ae71f2205.exe / 86
  PID 808 wrote to memory of 4328 / 808 / cmd.exe / 87
  PID 808 wrote to memory of 4328 / 808 / cmd.exe / 87
  PID 808 wrote to memory of 4328 / 808 / cmd.exe / 87
  PID 4328 wrote to memory of 3924 / 4328 / [email protected] / 88
  PID 4328 wrote to memory of 3924 / 4328 / [email protected] / 88
  PID 4328 wrote to memory of 3924 / 4328 / [email protected] / 88
Processes
1. C:\Users\Admin\AppData\Local\Temp\091eb587508e1e9810985c2c1a8ddf6b11854adf0e83830177ec3d0ae71f2205.exe (PID 2848)
   command line: "C:\Users\Admin\AppData\Local\Temp\091eb587508e1e9810985c2c1a8ddf6b11854adf0e83830177ec3d0ae71f2205.exe"
   signatures: Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\cmd.exe (PID 808)
      3. C:\Users\Admin\AppData\Local\Temp\[email protected] (PID 4328)
         4. C:\Windows\SysWOW64\cmd.exe (PID 3924)
            command line: C:\Windows\system32\cmd.exe /c 00.exe
Network
MITRE ATT&CK Matrix
Downloads
C:\Users\Admin\AppData\Local\Temp\[email protected]
  Filesize: 73KB
  MD5: 33e4c7451ac20d54c22dafb89983d4cd
  SHA1: c1287ad6a56502d343ae94eed8b5e06048936fca
  SHA256: 00ebfb6adff874b6cd930e382ea324302ce74cf21e882e226ee546e2115a2bc8
  SHA512: 856d6e2bfb5ff69a00cf4bea81ccbd7b08418847c3e11c01ea0de342f3489cc3950893ce77092e8c33932e74dea2fa771556dcf5981080bbf4e6bb65dd986729
(unnamed download)
  Filesize: 2KB
  MD5: 7b621943a35e7f39cf89f50cc48d7b94
  SHA1: 2858a28cf60f38025fffcd0ba2ecfec8511c197d
  SHA256: bef04c2f89dc115ce2763558933dba1767bf30cda6856d335ae68955923f9991
  SHA512: 4169e664ad4e7e6891a05ceed78465e0ec44879b37fc0de97c014945e10c161f6bfb040efc24edc136e69bb115b2a1327b04cefb58141f712da856129872e8f1