Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
30s -
max time network
33s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
05/09/2024, 15:50
General
-
Target
FModel.exe
-
Size
30.3MB
-
MD5
b4ebf2a58ad70f931c581e639cfe88c4
-
SHA1
3f2ac147cdd474c22cf54e40dcfb7863e8494369
-
SHA256
616580b4f0292b2a93b957cca624683a7b8d750807ab6c0ef9dda6e6920ca1cf
-
SHA512
eb09e5035bb776b97bd96a4582d24b72dc199b54f14c724b161c4bdc1b21f273432a53eda4ff7d45ae03e3bcd3920e1fe1d028959de919b0df3d3fb396c4db18
-
SSDEEP
196608:AxxDjECsn99bg7s3dwzJD3Z40DbTlqWchPL/TUyuVyAh+TZOENCzVknONqV5m4n0:Axx3ECOF3dwtCER/sZOzGnOY55n0
Malware Config
Signatures
-
Downloads MZ/PE file
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\FModel.exe"C:\Users\Admin\AppData\Local\Temp\FModel.exe"1⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
569KB
MD5f2db01967705b62aecef3cd3e5a28e4d
SHA14bcc73614cb8fd2b0bce8d0f91ee5f3202d9d624
SHA25619452ae1abae65e1305d3818354d4fae7b1200294322f0d9c6d5ddeb7bd9f978
SHA512d442fa32e7490bfb39ebf052d2d81cb52b504c26f25a710e83e3ef1e57abc428b3ee8d942777666af25c991ba84c458fa84cccccefcef67212499edfe5ac3a4c
-
Filesize
119KB
MD52adb5439b8b14ebaf379614ec5f567da
SHA1af1ddb91a9f7544ff0c5ceb6d398e0cde417a02c
SHA2568876b9bf6eee5bb3244237beb9e5223be46002fc815fdc086485b90013c804e5
SHA512de721d6a29ce2cb59ca1ab5555432aca2571c2b58ccc02cd84e1ed7982a7d8629c181f7d12453b5de640f22e93bb1af1fb7e6e866e1719c1fb53cff59082706e