Analysis
- max time kernel: 146s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20240412-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15/04/2024, 03:11
Static task: static1
Behavioral task: behavioral1 (sample 极速音码4.3版.exe, resource win7-20240221-en)
Behavioral task: behavioral2 (sample 极速音码4.3版.exe, resource win10v2004-20240412-en); the analysis details on this page come from this Windows 10 run
General
- Target: 极速音码4.3版.exe (Chinese filename, roughly "Jisu Yinma, version 4.3")
- Size: 2.6MB
- MD5: 705cc717392ad313589b252947aef6a9
- SHA1: 4f76abc31e28e3b9b8e418d6a3ab6c3b2d65e859
- SHA256: c47c4076bfcc44dae795a1ac587f85834d4e493fc13f58a3631d8ac7450fe8d1
- SHA512: e57033f9433866dde72c20d74bf564dd8710bbf9b6096102091a8c502225e73d91c3661c4bf32186a3567fc5a0b9f85fdeb37602f3052b352ac541dfa8ae6424
- SSDEEP: 49152:dxa01KN5PmcsuUkPBUJtCY//x+wm2pSLiICmjvCXAzsWGSFOWf1j0Oeci:va012Vmc8kPYS2oLXjCks7SFnNo
Malware Config
Signatures
- Executes dropped EXE (2 IoCs)
  pid   Process
  4480  setup.exe
  1668  is-F22JC.tmp
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (6 IoCs)
  description                        pid   Process            procid_target
  PID 2244 wrote to memory of 4480   2244  极速音码4.3版.exe   85
  PID 2244 wrote to memory of 4480   2244  极速音码4.3版.exe   85
  PID 2244 wrote to memory of 4480   2244  极速音码4.3版.exe   85
  PID 4480 wrote to memory of 1668   4480  setup.exe          87
  PID 4480 wrote to memory of 1668   4480  setup.exe          87
  PID 4480 wrote to memory of 1668   4480  setup.exe          87

Reading these together: every WriteProcessMemory row has the writer as the direct parent of the target (2244 launched 4480, 4480 launched 1668), and the two "dropped EXE" hits are exactly those two children. Writes by a parent into a child it has just created are part of ordinary process start-up, so on their own these signatures describe a self-extracting installer chain, not injection into an unrelated process. The report lists no extracted malware configuration and no network activity, so the sample's verdict has to rest on what the installer drops, not on these signatures alone.
Processes
1. C:\Users\Admin\AppData\Local\Temp\极速音码4.3版.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\极速音码4.3版.exe"
   PID 2244
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\7zS5E8B.tmp\setup.exe
      command line: .\setup.exe
      PID 4480
      - Executes dropped EXE
      - Suspicious use of WriteProcessMemory
      3. C:\Users\Admin\AppData\Local\Temp\is-6BEPM.tmp\is-F22JC.tmp
         command line: "C:\Users\Admin\AppData\Local\Temp\is-6BEPM.tmp\is-F22JC.tmp" /SL4 $C0052 C:\Users\Admin\AppData\Local\Temp\7zS5E8B.tmp\setup.exe 121458 50688
         PID 1668
         - Executes dropped EXE

The paths identify the packaging: a 7-Zip self-extractor unpacks its payload into %TEMP%\7zS<hex>.tmp\ and runs setup.exe from there, and setup.exe is an Inno Setup installer whose loader copies the real installer to %TEMP%\is-XXXXX.tmp\is-XXXXX.tmp and invokes it with /SL4, passing the path of the setup.exe it came from.
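The lineage check above can be automated. The following is an added example, not code from tria.ge or from the sample's author: it parses the report's six WriteProcessMemory rows and the three process entries (both constructed inline from the text above), rebuilds the parent/child chain, classifies each stage by the 7zS*.tmp and is-*.tmp path conventions, and cross-checks that the setup.exe named on the Inno Setup loader's command line is the image of the process that wrote into it. The function names are mine, and the meaning assigned to the fields after /SL4 (window handle, parent installer path, two offsets) is an assumption that the page does not state.

```python
import re
from collections import defaultdict

# Constructed input: the six "Suspicious use of WriteProcessMemory" rows from this report.
# tria.ge emits one row per write, so the same parent->child pair repeats.
WRITE_ROWS = [
    "PID 2244 wrote to memory of 4480 2244 极速音码4.3版.exe 85",
    "PID 2244 wrote to memory of 4480 2244 极速音码4.3版.exe 85",
    "PID 2244 wrote to memory of 4480 2244 极速音码4.3版.exe 85",
    "PID 4480 wrote to memory of 1668 4480 setup.exe 87",
    "PID 4480 wrote to memory of 1668 4480 setup.exe 87",
    "PID 4480 wrote to memory of 1668 4480 setup.exe 87",
]

# Constructed input: pid -> (image path, command line), copied from the Processes section.
PROCESSES = {
    2244: (r"C:\Users\Admin\AppData\Local\Temp\极速音码4.3版.exe",
           r'"C:\Users\Admin\AppData\Local\Temp\极速音码4.3版.exe"'),
    4480: (r"C:\Users\Admin\AppData\Local\Temp\7zS5E8B.tmp\setup.exe",
           r".\setup.exe"),
    1668: (r"C:\Users\Admin\AppData\Local\Temp\is-6BEPM.tmp\is-F22JC.tmp",
           r'"C:\Users\Admin\AppData\Local\Temp\is-6BEPM.tmp\is-F22JC.tmp" /SL4 $C0052 '
           r"C:\Users\Admin\AppData\Local\Temp\7zS5E8B.tmp\setup.exe 121458 50688"),
}

# Row shape: "PID <writer> wrote to memory of <target> <writer> <writer image> <procid_target>"
ROW_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (.+?) (\d+)$")
# 7-Zip SFX extracts its payload into %TEMP%\7zS<hex>.tmp\ before running it.
SFX_DIR_RE = re.compile(r"\\7zS[0-9A-F]+\.tmp\\", re.IGNORECASE)
# Inno Setup's loader copies the real installer to %TEMP%\is-XXXXX.tmp\is-XXXXX.tmp.
INNO_LOADER_RE = re.compile(r"\\is-[0-9A-Z]{5}\.tmp\\is-[0-9A-Z]{5}\.tmp$", re.IGNORECASE)
# Assumption (not stated on the page): after /SL4 come a window handle, the path of the
# setup.exe the loader was extracted from, and two numeric offsets into that file.
SL4_RE = re.compile(r"/SL4 (\S+) (.+?) (\d+) (\d+)$")


def parse_write_edges(rows):
    """Collapse the IoC rows into {(writer_pid, target_pid): write_count}."""
    edges = defaultdict(int)
    for row in rows:
        m = ROW_RE.match(row)
        if m is None:
            raise ValueError(f"unrecognised WriteProcessMemory row: {row!r}")
        edges[(int(m.group(1)), int(m.group(2)))] += 1
    return dict(edges)


def stage_of(pid, processes):
    """Classify a process by where its image lives and how it was invoked."""
    path, cmdline = processes[pid]
    if INNO_LOADER_RE.search(path) and "/SL" in cmdline:
        return "inno-setup-loader"
    if SFX_DIR_RE.search(path):
        return "7zip-sfx-payload"
    return "other"


def lineage(pid, edges):
    """Walk writer->target edges from pid up to the root; returns root..pid, cycle-safe."""
    parent_of = {target: writer for (writer, target) in edges}
    chain = [pid]
    while chain[-1] in parent_of and parent_of[chain[-1]] not in chain:
        chain.append(parent_of[chain[-1]])
    return chain[::-1]


def installer_chains(processes, edges):
    """Every lineage ending in an Inno Setup loader that passes through a 7-Zip SFX payload."""
    found = []
    for pid in processes:
        if stage_of(pid, processes) != "inno-setup-loader":
            continue
        chain = lineage(pid, edges)
        if any(stage_of(p, processes) == "7zip-sfx-payload" for p in chain):
            found.append(chain)
    return found


def inno_loader_args(cmdline):
    """Split the /SL4 parameters; field meanings are the assumption noted at SL4_RE."""
    m = SL4_RE.search(cmdline)
    if m is None:
        return None
    return {"hwnd": m.group(1), "parent_exe": m.group(2),
            "offsets": (int(m.group(3)), int(m.group(4)))}


def loader_parent_matches(pid, processes, edges):
    """Cross-check: the setup.exe on the loader's command line should be the image of the
    process that wrote into it. A mismatch means the report's lineage and the loader's own
    view of its origin disagree, which deserves a closer look."""
    args = inno_loader_args(processes[pid][1])
    chain = lineage(pid, edges)
    if args is None or len(chain) < 2:
        return False
    parent_path = processes[chain[-2]][0]
    return args["parent_exe"].lower() == parent_path.lower()


if __name__ == "__main__":
    edges = parse_write_edges(WRITE_ROWS)
    for chain in installer_chains(PROCESSES, edges):
        print(" -> ".join(f"{p} [{stage_of(p, PROCESSES)}]" for p in chain))
    print("loader argument consistent with lineage:",
          loader_parent_matches(1668, PROCESSES, edges))
```

On this report the script finds one chain, 2244 (other) -> 4480 (7zip-sfx-payload) -> 1668 (inno-setup-loader), with the three duplicate rows per pair collapsed into a count of 3, and the loader's parent_exe argument matches the image path of PID 4480. The same functions run unchanged over the WriteProcessMemory rows of any other tria.ge report pasted into WRITE_ROWS and PROCESSES.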
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 5KB
MD5: aed9ba94e20e6687a1fb1c7a76b59b8e
SHA1: 2142c0c749e264af09f07534305e1ff82e3372a0
SHA256: f20f87c2494a0a883acad5ae2dbe98a71916bacc8383d4cb76bdc11435ce5359
SHA512: 97f0a57f15077f1baa9021fa075da55e3eb7f039da7fe38dce384856fb4a50ab36a1ed0f56b763d17c2e3c9d13e37b24689189345105e52412f7db3a3bcb34a6
-
Filesize: 13KB
MD5: 5a613ceff1bfd5dd5c3d609959993c2b
SHA1: 580b48b3e8b4284e860c4640f0127b96f3bc0c4c
SHA256: 7edd81934d0420bcd929f413ece4b9ae4a2b7923bac9cd13ee4c13cec08bcc34
SHA512: f42a54384baac8479ef1be9dcb90399ad1628e36355527626da3338082d34b1c5f254f4cd641cd54dd305d9d9c17cb88d21510f8a67bef09e38dd44b77a91a20
-
Filesize: 327KB
MD5: c8312539183238da82cad059956be573
SHA1: e94b880a8bc82e04ea64c527fd80bae291edf31c
SHA256: d4584d5ce4110012c3c71f099d5684232da42618ef9a093440b60781879f0c7c
SHA512: 37ae31434085ba9f94d22ba117fa2af4f9e769b19e338cd0248e37c633b4d94e3db9970a6a913f52c2744c0dfea0beccdf4c4a7d192bb7f709cf5188eedd60b3
-
Filesize: 1KB
MD5: aa3ea266eaad357e8a8c8c085a184690
SHA1: 71c533913d27f7e59dae4e36d74015acb6717077
SHA256: f2dd3e21e456589365d680b6ff8367f7fe17f78fbc3757a986ad21c224464005
SHA512: 8d4ea7212791705bd9f94402824217a77d1ce124cf52a4c07fe7da628719bb23f62f73f8fd667379d42c35e1978b449ed57dd641f5bafe5653da2cd79ea6e5b1
-
Filesize: 572KB
MD5: 0d0622f7d2fd629455a028d7e1cb1c07
SHA1: 82bdfc15f188241c535d7a42f0f95c99d0913bf4
SHA256: ab0982c120a65adc3aa898af09ad923c9b896edfc52f7d206798c5fdf59d8f5a
SHA512: eb5a930c1ba85b9cdb60a65fcead39592f7a1b87985d927580bbdb9f8682087291a4eac9f5b2f7c8d4aa7abff78ce8c53dd7285bd7be8572cb65ade906e8807a