Analysis
max time kernel: 140s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14/08/2024, 09:32
Static task: static1
Behavioral task: behavioral1
  Sample: MT103 swift copy.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: MT103 swift copy.exe
  Resource: win10v2004-20240802-en
General
Target: MT103 swift copy.exe
Size: 831KB
MD5: 5bd6fc793026df7e9afeea69d8ad2d06
SHA1: 15d698923e1e9cc1269fcd2677b8d4cc976b29ba
SHA256: 3a8cd4cbcabcc59b3b845e3db862425d9a2dbec034ff2ccd87e9ad219357488f
SHA512: 386a583f2eb598a908a10c2b3753fa14200b1ee4f6ab3ce6926d4519136c712d8504272dac423457d9ac56ce60e0e506445fd1f83bce9de72601197c9d6db1a2
SSDEEP: 24576:q5pL35i55QOcJmVRFBQE0+iWeuUMhlrPBy0:qLti55N1VrBQERiWeLMHJ
Malware Config
Signatures
Suspicious use of SetThreadContext (1 IoC)
  description: PID 2136 set thread context of 2316
  pid: 2136
  Process: MT103 swift copy.exe
  procid_target: 95
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: MT103 swift copy.exe
Suspicious behavior: EnumeratesProcesses (14 IoCs)
  pid: 2316
  Process: MT103 swift copy.exe
  (the same pid/process pair is recorded for all 14 IoCs)
Suspicious use of WriteProcessMemory (6 IoCs)
  description: PID 2136 wrote to memory of 2316
  pid: 2136
  Process: MT103 swift copy.exe
  procid_target: 95
  (the same entry is recorded for all 6 IoCs)
Processes
- C:\Users\Admin\AppData\Local\Temp\MT103 swift copy.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\MT103 swift copy.exe"
  depth: 1
  PID: 2136
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\MT103 swift copy.exe
    command line: "C:\Users\Admin\AppData\Local\Temp\MT103 swift copy.exe"
    depth: 2
    PID: 2316
    - Suspicious behavior: EnumeratesProcesses