Analysis
max time kernel: 1758s
max time network: 1165s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20/05/2024, 09:03
Static task: static1
Behavioral task: behavioral1
Sample: moduladordevoz.exe
Resource: win10v2004-20240508-en
General
Target: moduladordevoz.exe
Size: 380KB
MD5: fdc726071430ada68e117f6f12f01322
SHA1: 2daa8755f47713b00c1dbefe7d9c8e4c5690518b
SHA256: 2bfc1657c918035fab5fa2da8e4e76d54cf9b65ac1e65dcdede65cc19a6771f6
SHA512: a5cb35ea0e5c6bb4553d258bcad76ea52db30370e84a065d6ca4e2924b08e6d2af85f6cde5dc99fc7c4e4396408a4fb390e2401026ae9698c1fcca3380f0aaeb
SSDEEP: 6144:TMM8fApOSxvbaiwb7AyT21XOHxXAsEbzd/CAuQ0ykuyoJlbOSvT+Pn1IB:N8f8vbad7Aya0R47uZuxJ7vT+/C
Malware Config
Signatures

Checks computer location settings (2 TTPs, 1 IoC)
Looks up country code configured in the registry, likely geofence.
Process: moduladordevoz.exe
Key value queried: \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation

Executes dropped EXE (1 IoC)
PID 100: TalkAny.exe

Loads dropped DLL (3 IoCs)
PID 100: TalkAny.exe (3 occurrences)

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Suspicious use of SetWindowsHookEx (2 IoCs)
PID 100: TalkAny.exe (2 occurrences)

Suspicious use of WriteProcessMemory (3 IoCs)
PID 1508 (moduladordevoz.exe) wrote to memory of PID 100, procid_target 94 (3 occurrences)
Processes

C:\Users\Admin\AppData\Local\Temp\moduladordevoz.exe "C:\Users\Admin\AppData\Local\Temp\moduladordevoz.exe" (PID 1508)
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory

  C:\Temp\Ogif\TalkAny\TalkAny.exe "C:\Temp\Ogif\TalkAny\TalkAny.exe" (PID 100, spawned under PID 1508)
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15