Analysis
max time kernel: 1800s
max time network: 1176s
platform: windows11-21h2_x64
resource: win11-20240508-en
resource tags: arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 27/06/2024, 17:25
Static task
static1
Behavioral task
behavioral1
Sample
loader.exe
Resource
win11-20240508-en
General
Target: loader.exe
Size: 5.0MB
MD5: c679369a7270cb8f284b96ba9325b007
SHA1: c33955d7a9f44ab9ef7e67031960fcbb13690714
SHA256: a0fb1568891680d66efb9f545ed1cdc9c8124d96e220cbdd8b618769be6e6083
SHA512: 081152540c6579c0cd27f201f8b0a8956a1debc58c538c47dc88a99aa64929ca28f2eb9b3229d61618c6d979d583cfeca6a930d3dc56ff6f138989774372079f
SSDEEP: 98304:Hc/jJ36G67LQVRzp6ELW++55YhTO1mv3JbYyIeq1SWdeHV6IKpqAMX0O54cy0:8NqoXzpbKKOQRbGv6HAHwXsf0
Malware Config
Signatures
-
Executes dropped EXE (1 IoC)
  pid   Process
  2288  loader.exe

Loads dropped DLL (9 IoCs)
  pid   Process
  2288  loader.exe  (9 occurrences)

Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid   Process
  2288  loader.exe  (64 occurrences)

Suspicious use of AdjustPrivilegeToken (1 IoC)
  description              pid   Process
  Token: SeDebugPrivilege  2288  loader.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process     procid_target
  PID 1604 wrote to memory of 2288  1604  loader.exe  78
  PID 1604 wrote to memory of 2288  1604  loader.exe  78
  PID 2288 wrote to memory of 3964  2288  loader.exe  79
  PID 2288 wrote to memory of 3964  2288  loader.exe  79
Processes
1. C:\Users\Admin\AppData\Local\Temp\loader.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\loader.exe"
   PID: 1604
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\onefile_1604_133639827523418806\loader.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\loader.exe"
      PID: 2288
      - Executes dropped EXE
      - Loads dropped DLL
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of WriteProcessMemory
      3. C:\Windows\system32\cmd.exe
         Command line: C:\Windows\system32\cmd.exe /c "start main.exe"
         PID: 3964
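The process tree shows the sample re-executing itself from a %TEMP%\onefile_<pid>_<number> directory, where the embedded pid (1604) is the PID of the parent loader.exe, and the re-executed copy then spawning cmd.exe /c "start main.exe". That directory layout is the one Nuitka's onefile bootstrap uses when it unpacks its embedded payload (my reading of the path, not a statement in this report), and the numeric suffix is a Windows FILETIME. The Python below is an added example, not part of the tria.ge report: it runs two checks over constructed process-creation events transcribed from the tree (the root process's parent is not shown in the report and is left as None; the benign cmd.exe event is invented to show the rule does not fire on an ordinary "start"). The first check requires the PID in the directory name to equal the real parent PID and the two images to share a basename, then decodes the FILETIME, which for this sample should land on the submission time (27/06/2024 17:25). The second flags cmd.exe launched from such a directory with a "start <something>.exe" command line.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed Sysmon Event ID 1 style events transcribed from the process tree
# in this report. They are not real telemetry. ppid/parent_image of the root
# process are not shown in the report and are left unknown (None).
EVENTS = [
    {"pid": 1604, "ppid": None, "parent_image": None,
     "image": r"C:\Users\Admin\AppData\Local\Temp\loader.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\loader.exe"'},
    {"pid": 2288, "ppid": 1604,
     "parent_image": r"C:\Users\Admin\AppData\Local\Temp\loader.exe",
     "image": r"C:\Users\Admin\AppData\Local\Temp\onefile_1604_133639827523418806\loader.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\loader.exe"'},
    {"pid": 3964, "ppid": 2288,
     "parent_image": r"C:\Users\Admin\AppData\Local\Temp\onefile_1604_133639827523418806\loader.exe",
     "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r'C:\Windows\system32\cmd.exe /c "start main.exe"'},
    # Invented benign event: a "start" from cmd.exe whose parent is not an onefile dir.
    {"pid": 5000, "ppid": 4200, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r'cmd.exe /c "start notepad.exe"'},
]

# onefile_<parent pid>_<FILETIME>\ as a path component (case-insensitive)
ONEFILE_DIR = re.compile(r"\\onefile_(?P<ppid>\d+)_(?P<filetime>\d+)\\", re.IGNORECASE)
# cmd.exe /c "start something.exe" with or without the surrounding quotes
START_EXE = re.compile(r'/c\s+"?start\s+\S+\.exe"?', re.IGNORECASE)


def filetime_to_datetime(ticks: int) -> datetime:
    """Convert a Windows FILETIME (100 ns ticks since 1601-01-01 UTC) to a datetime."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def detect(events):
    """Return alerts for onefile self-re-execution and cmd.exe 'start' children of it."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        m = ONEFILE_DIR.search(e["image"])
        if m:
            parent = by_pid.get(e["ppid"])
            # The directory name embeds the extracting parent's PID; require it to
            # match the real parent and the parent to carry the same image name.
            same_parent = int(m["ppid"]) == e["ppid"]
            same_name = parent is not None and basename(parent["image"]) == basename(e["image"])
            if same_parent and same_name:
                alerts.append({
                    "rule": "onefile-self-reexec",
                    "pid": e["pid"],
                    "extracted_at": filetime_to_datetime(int(m["filetime"])),
                })
        if (basename(e["image"]) == "cmd.exe"
                and START_EXE.search(e["cmdline"])
                and ONEFILE_DIR.search(e["parent_image"] or "")):
            alerts.append({
                "rule": "onefile-cmd-start-child",
                "pid": e["pid"],
                "cmdline": e["cmdline"],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The FILETIME decode is the useful pivot here: the number in the directory name is the moment the bootstrap created the staging directory, so it can be matched against file-creation timestamps for the dropped DLLs and EXE even when the directory has been cleaned up.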
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 76KB
MD5: 8140bdc5803a4893509f0e39b67158ce
SHA1: 653cc1c82ba6240b0186623724aec3287e9bc232
SHA256: 39715ef8d043354f0ab15f62878530a38518fb6192bc48da6a098498e8d35769
SHA512: d0878fee92e555b15e9f01ce39cfdc3d6122b41ce00ec3a4a7f0f661619f83ec520dca41e35a1e15650fb34ad238974fe8019577c42ca460dde76e3891b0e826

Filesize: 34KB
MD5: 32d36d2b0719db2b739af803c5e1c2f5
SHA1: 023c4f1159a2a05420f68daf939b9ac2b04ab082
SHA256: 128a583e821e52b595eb4b3dda17697d3ca456ee72945f7ecce48ededad0e93c
SHA512: a0a68cfc2f96cb1afd29db185c940e9838b6d097d2591b0a2e66830dd500e8b9538d170125a00ee8c22b8251181b73518b73de94beeedd421d3e888564a111c1

Filesize: 76KB
MD5: ebefbc98d468560b222f2d2d30ebb95c
SHA1: ee267e3a6e5bed1a15055451efcccac327d2bc43
SHA256: 67c17558b635d6027ddbb781ea4e79fc0618bbec7485bd6d84b0ebcd9ef6a478
SHA512: ab9f949adfe9475b0ba8c37fa14b0705923f79c8a10b81446abc448ad38d5d55516f729b570d641926610c99df834223567c1efde166e6a0f805c9e2a35556e3

Filesize: 96KB
MD5: f12681a472b9dd04a812e16096514974
SHA1: 6fd102eb3e0b0e6eef08118d71f28702d1a9067c
SHA256: d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8
SHA512: 7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Filesize: 120KB
MD5: 6a9ca97c039d9bbb7abf40b53c851198
SHA1: 01bcbd134a76ccd4f3badb5f4056abedcff60734
SHA256: e662d2b35bb48c5f3432bde79c0d20313238af800968ba0faa6ea7e7e5ef4535
SHA512: dedf7f98afc0a94a248f12e4c4ca01b412da45b926da3f9c4cbc1d2cbb98c8899f43f5884b1bf1f0b941edaeef65612ea17438e67745962ff13761300910960d

Filesize: 9.7MB
MD5: b8e9bd84e2582b428785ae52636ce590
SHA1: 585d542155d9edd098d236ba89f3d8c52283fbbc
SHA256: b39610bf0233ae7c7e1a6230072a65c014ec4c56fa10be7d66ffca2105775141
SHA512: 21462b75bc60481894d81516827faafbb77605018959f9c5cfd1aa68be7a480e609db8e08049ce37187547d7e5f731a9f4b9de23bfbf34e1613581129c65253e

Filesize: 64KB
MD5: 34e49bb1dfddf6037f0001d9aefe7d61
SHA1: a25a39dca11cdc195c9ecd49e95657a3e4fe3215
SHA256: 4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281
SHA512: edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856

Filesize: 5.5MB
MD5: 9a24c8c35e4ac4b1597124c1dcbebe0f
SHA1: f59782a4923a30118b97e01a7f8db69b92d8382a
SHA256: a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7
SHA512: 9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Filesize: 28KB
MD5: 97ee623f1217a7b4b7de5769b7b665d6
SHA1: 95b918f3f4c057fb9c878c8cc5e502c0bd9e54c0
SHA256: 0046eb32f873cde62cf29af02687b1dd43154e9fd10e0aa3d8353d3debb38790
SHA512: 20edc7eae5c0709af5c792f04a8a633d416da5a38fc69bd0409afe40b7fb1afa526de6fe25d8543ece9ea44fd6baa04a9d316ac71212ae9638bdef768e661e0f