Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
112s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
19/08/2024, 00:31
General
-
Target
25ae9ffc0923d21eb32e352f44ba1a10N.exe
-
Size
35KB
-
MD5
25ae9ffc0923d21eb32e352f44ba1a10
-
SHA1
47e5be4738ae32592dbfe6939f94833bdfd05a50
-
SHA256
70bd8aebc5370e22eaacee76f8d566b37404fbce8cda1c3076f1e64bdbd401e2
-
SHA512
21fd7b160403bc99ebea588c01bc0fed7a2a64cb2a3b19cd90cdafae76f863d7f35947c7429831e0fe129a7e953158713fc276384569ebb872ceaa7181e68f53
-
SSDEEP
768:ePyFZFASe0Ep0EpHZplRpqpd6rqxn4p6vghzwYu7vih9GueIh9j2IoHAjUvJw3/m:e6q10k0EFjed6rqJ+6vghzwYu7vih9G9
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in Windows directory 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\25ae9ffc0923d21eb32e352f44ba1a10N.exe"C:\Users\Admin\AppData\Local\Temp\25ae9ffc0923d21eb32e352f44ba1a10N.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\microsofthelp.exe"C:\Windows\microsofthelp.exe"2⤵
- Deletes itself
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
35KB
MD5043665a3ada168fe99786b36d225dd62
SHA1021aa6f80455fe815e0fe519e2ab4e2942160dff
SHA2568d65ba44fd01d3400782746c1fe8879fc130ebb88ebf71c0cee39a4f4675bdce
SHA5127122c7304b1c128f97263ff4077f6ddf9da6283fa675aa7d3d0e24d2b881e56e10aafcc35b6b5f4aa9dd11d0c26af05d7863343900aa0fdd9422aa8f57596c35
-
Filesize
56KB
-
Filesize
56KB
-
Filesize
56KB