Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
136s -
max time network
125s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
22/07/2024, 23:26
Static task
static1
Behavioral task
behavioral1
Sample
7ea0a3f65a1140ab00b48072d62c75d5bd1712d71ff1af58c58677383907c25d.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
7ea0a3f65a1140ab00b48072d62c75d5bd1712d71ff1af58c58677383907c25d.exe
Resource
win10v2004-20240709-en
General
-
Target
7ea0a3f65a1140ab00b48072d62c75d5bd1712d71ff1af58c58677383907c25d.exe
-
Size
17KB
-
MD5
4ea5e819c37598d86c5be9a35f6300c9
-
SHA1
94e5050630feaf1832ca0407c41272967b610fb6
-
SHA256
7ea0a3f65a1140ab00b48072d62c75d5bd1712d71ff1af58c58677383907c25d
-
SHA512
5188eaebbab1c51b3bdd5269bb3127980bf7870231353b0a0e79f8375e9b432278a17631e892e849b648325e62adeed61d371862b2946bb0ced8af32715cf8b6
-
SSDEEP
384:xiOQWRIga02iBunne0vq0/Cz9W5q5a8t+j:xVhRm0z+rC8Yt+j
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation 7ea0a3f65a1140ab00b48072d62c75d5bd1712d71ff1af58c58677383907c25d.exe -
Executes dropped EXE 1 IoCs
pid Process 704 budha.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 956 wrote to memory of 704 956 7ea0a3f65a1140ab00b48072d62c75d5bd1712d71ff1af58c58677383907c25d.exe 85 PID 956 wrote to memory of 704 956 7ea0a3f65a1140ab00b48072d62c75d5bd1712d71ff1af58c58677383907c25d.exe 85 PID 956 wrote to memory of 704 956 7ea0a3f65a1140ab00b48072d62c75d5bd1712d71ff1af58c58677383907c25d.exe 85
Processes
-
C:\Users\Admin\AppData\Local\Temp\7ea0a3f65a1140ab00b48072d62c75d5bd1712d71ff1af58c58677383907c25d.exe"C:\Users\Admin\AppData\Local\Temp\7ea0a3f65a1140ab00b48072d62c75d5bd1712d71ff1af58c58677383907c25d.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:956 -
C:\Users\Admin\AppData\Local\Temp\budha.exe"C:\Users\Admin\AppData\Local\Temp\budha.exe"2⤵
- Executes dropped EXE
PID:704
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
17KB
MD516a4adae13aff62891e8fbd167ce8b24
SHA1086d08e7684969b830275998ef93c4cdb97ecd77
SHA2568899b4bb843b073b1fb8096bf018f021b6f141efd0b889340a9094b0b6d88501
SHA512672676f3fb7fa1661e2d42c913481f81ebb454e69f774521f17c9a22ec17ea44cbd4dc829bce0edba0179bcd9800d856406a0e57193600d8a5f762df76f4c6b6