Analysis
- max time kernel: 120s
- max time network: 120s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13/07/2024, 00:34
Static task: static1
Behavioral task: behavioral1
- Sample: 1e2f94cfa16f67d84642b91fd593b8a0N.exe
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: 1e2f94cfa16f67d84642b91fd593b8a0N.exe
- Resource: win10v2004-20240709-en
General
- Target: 1e2f94cfa16f67d84642b91fd593b8a0N.exe
- Size: 16KB
- MD5: 1e2f94cfa16f67d84642b91fd593b8a0
- SHA1: ecac51fe67a037fc5930ce20eab9a7d16296f0a7
- SHA256: 3fad5f75efd9acb197b07ab0f78138310ee1355f8c3500a9b4b37eadcbe50889
- SHA512: f4adb6f1504e9bb4f6f20b1b14348b9fd3082f99bbfcb9ec2c9bb7679ffcba2f8ec665a5a46a280cecb2da9a8255768a29e76b700d72261f463d666b291ee31b
- SSDEEP: 96:Wg9zN4OlBQToTUusTG8Ycfnp312CAkuw6Xx0uGX6fYihjV:txqONU5hYYptuwQxbGva
Malware Config
Signatures
- Checks computer location settings (2 TTPs, 1 IoC)
  Looks up country code configured in the registry, likely geofence.
  - description: Key value queried
    ioc: \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation
    Process: 1e2f94cfa16f67d84642b91fd593b8a0N.exe
- Executes dropped EXE (1 IoC)
  - pid: 5088
    Process: budha.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (3 IoCs)
  - description: PID 1624 wrote to memory of 5088
    pid: 1624
    Process: 1e2f94cfa16f67d84642b91fd593b8a0N.exe
    procid_target: 86
  - description: PID 1624 wrote to memory of 5088
    pid: 1624
    Process: 1e2f94cfa16f67d84642b91fd593b8a0N.exe
    procid_target: 86
  - description: PID 1624 wrote to memory of 5088
    pid: 1624
    Process: 1e2f94cfa16f67d84642b91fd593b8a0N.exe
    procid_target: 86
Processes
- C:\Users\Admin\AppData\Local\Temp\1e2f94cfa16f67d84642b91fd593b8a0N.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\1e2f94cfa16f67d84642b91fd593b8a0N.exe"
  PID: 1624
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\budha.exe (child process)
    Command line: "C:\Users\Admin\AppData\Local\Temp\budha.exe"
    PID: 5088
    - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 16KB
  MD5: 98276f2910d163b8641b71920a22ab6c
  SHA1: 107f58f4f19dbe5f0277089f2a8d4681e9451dd8
  SHA256: ee2b505d99adf62d350eafb4db1f040e4fef2af6e662d837543dfb3a42f96e7a
  SHA512: a0448b8eeaf98ad21de5fd6c876dedd852b0d089f146ef9f69f31720eecd00f8cf7f442a9824b7bd12e5ebc5dcdade383f8e6fdc4e2d46de99fac37cd21dfb9e