Analysis
- max time kernel: 67s
- max time network: 50s
- platform: windows10-2004_x64
- resource: win10v2004-20240419-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30/04/2024, 03:43
Static task: static1

Behavioral task: behavioral1
- Sample: e09fd91a8b3724a42d78e8b72fc0f7e6e8ce91b8fac4a3577b87edd553688743.exe
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: e09fd91a8b3724a42d78e8b72fc0f7e6e8ce91b8fac4a3577b87edd553688743.exe
- Resource: win10v2004-20240419-en
General
- Target: e09fd91a8b3724a42d78e8b72fc0f7e6e8ce91b8fac4a3577b87edd553688743.exe
- Size: 148KB
- MD5: 742419f6e299447176e0d02bec42f0e8
- SHA1: c43c6208e9830f7788775ff648eb85a0714c562f
- SHA256: e09fd91a8b3724a42d78e8b72fc0f7e6e8ce91b8fac4a3577b87edd553688743
- SHA512: 9400ed5c2021e37bd64eac4cec4aa37580a748147f0790df6751a9f58c67cd333676e7255df513c8c31ee0366d6d4cacd9d81872d02757a1ef7073f7cd52344c
- SSDEEP: 3072:BQ+t4BHNNRGtVJO96P4ZkuB4N6lZ4nEFjimAk/738:Gm4BHNNRGHP4ZLxz4nEF2kjs
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
    pid   Process
    3672  fccarae.exe
- Drops file in Program Files directory (1 IoC)
    description   ioc                              Process
    File created  C:\PROGRA~3\Mozilla\fccarae.exe  e09fd91a8b3724a42d78e8b72fc0f7e6e8ce91b8fac4a3577b87edd553688743.exe
- Program crash (1 IoC)
    pid   pid_target  Process       procid_target
    2020  3672        WerFault.exe  86
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
    pid   Process
    3672  fccarae.exe
    3672  fccarae.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
    description              pid   Process
    Token: SeDebugPrivilege  3672  fccarae.exe
- Suspicious use of WriteProcessMemory (1 IoC)
    description                       pid   Process      procid_target
    PID 3672 wrote to memory of 3564  3672  fccarae.exe  56
Processes
- C:\Windows\Explorer.EXE (PID: 3564)
    - "C:\Users\Admin\AppData\Local\Temp\e09fd91a8b3724a42d78e8b72fc0f7e6e8ce91b8fac4a3577b87edd553688743.exe" (PID: 4140)
        Signatures: Drops file in Program Files directory
- C:\PROGRA~3\Mozilla\fccarae.exe -cxdgtgc (PID: 3672)
    Signatures: Executes dropped EXE; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken; Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 508 (PID: 2020)
        Signatures: Program crash
- C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3672 -ip 3672 (PID: 4572)
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 148KB
- MD5: 2b3d9d849fd971a178c31f54c7154af5
- SHA1: fcb14f137612fa8357b5785f08e6609ba5136c97
- SHA256: 6fcea91da20b5de60ea958f62a92bb908a87f81a1d1acbf3e2e602ed2fe082a9
- SHA512: 8181903c13505bdce4dcd3a9d440a80fd399b1a754f344b4fa6163da94b8d1b0a56c9fa95aee1c5df8a3ec7249dc6aff19608675a3781bccbb384c1f4bf45ceb