Analysis

  • max time kernel
    145s
  • max time network
    49s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/05/2024, 03:57

General

  • Target

    d9ea075afe92c246a49e86b9b763d8e859c6d611275a628d982398b62bf1d6ea.exe

  • Size

    94KB

  • MD5

    51c2e02f5852ddf202ddd3bfc3f80cb4

  • SHA1

    0832b2959d15068bc87ae7f36b1098e244b73851

  • SHA256

    d9ea075afe92c246a49e86b9b763d8e859c6d611275a628d982398b62bf1d6ea

  • SHA512

    bc38921bae56393ded4aafca4e276c5ff9082d7255236cbbf8eb2377a3557b4da1c653fa7a9023754991fab423852f6ac67c0ce355c6b4539bfbdbe7785e84e9

  • SSDEEP

    1536:tF0AJELoJHG9qa+oa33KJJzAKWYr0v7iJSzIRXKTzRZICrWaGZh7kr:tiAyLN9qa+oEGrWViJSzIR6JJrWNZqr

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoCs)
  • Adds Run key to start application (2 TTPs, 1 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\d9ea075afe92c246a49e86b9b763d8e859c6d611275a628d982398b62bf1d6ea.exe
    "C:\Users\Admin\AppData\Local\Temp\d9ea075afe92c246a49e86b9b763d8e859c6d611275a628d982398b62bf1d6ea.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:3264
    • C:\ProgramData\Update\WwanSvc.exe
      "C:\ProgramData\Update\WwanSvc.exe" /run
      2⤵
      • Executes dropped EXE
      PID:3672

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\Update\WwanSvc.exe

    Filesize

    94KB

    MD5

    318cf2d9790ca04579f73ad1729229c5

    SHA1

    489b6746444c7269e65d9ffeafe054b56062ce5e

    SHA256

    e734dc2321970a60ac14b053e46760bc740080964d560265857ca11032740229

    SHA512

    d21320120cbc479a4d043f15307ef7a29d20407a4a10bf49b3994476eb8a8440aa3e97634bdb40275b244b497eba3f66e62b200d53d19153b7f1feee49a072a5