Analysis

max time kernel: 148s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240910-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240910-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/09/2024, 03:29
Static task: static1

Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Trojan-Downloader.Autoit.gen.23611.13592.exe
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Trojan-Downloader.Autoit.gen.23611.13592.exe
  Resource: win10v2004-20240910-en

The analysis details below are from behavioral2, the win10v2004-20240910-en run (platform windows10-2004_x64 above).
General

Target: SecuriteInfo.com.Trojan-Downloader.Autoit.gen.23611.13592.exe
Size: 1.2MB
MD5: 25937aa2a51937c860b96383e85e02d1
SHA1: aada5a66d3dc5dff736ef8fac8c8d94390ebb258
SHA256: 66f8c1cba3ad6b3362dcfc5f59861c2505b2ea55fe8d261562506889983a324d
SHA512: 8ddc6df0f303f1ba98763b08116e60646d757cb4f82ffe823ae459ede4867ef7b7227e37979924c1f2119c474be4d426a5726faf40b4c730e0f3fd1aeed63674
SSDEEP: 24576:J4lavt0LkLL9IMixoEgeaa3wZoOcT4vv3Naq9MmCS:Ykwkn9IMHeaa3POcuvUaPCS
Malware Config
Signatures

Suspicious use of SetThreadContext (1 IoC)
  description: PID 808 set thread context of 5116 | pid: 808 | process: SecuriteInfo.com.Trojan-Downloader.Autoit.gen.23611.13592.exe | procid_target: 86

Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).

System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened | ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | process: SecuriteInfo.com.Trojan-Downloader.Autoit.gen.23611.13592.exe

Suspicious behavior: EnumeratesProcesses (14 IoCs)
  pid: 5116 | process: svchost.exe (14 identical entries)

Suspicious behavior: MapViewOfSection (1 IoC)
  pid: 808 | process: SecuriteInfo.com.Trojan-Downloader.Autoit.gen.23611.13592.exe

Suspicious use of FindShellTrayWindow (2 IoCs)
  pid: 808 | process: SecuriteInfo.com.Trojan-Downloader.Autoit.gen.23611.13592.exe (2 identical entries)

Suspicious use of SendNotifyMessage (2 IoCs)
  pid: 808 | process: SecuriteInfo.com.Trojan-Downloader.Autoit.gen.23611.13592.exe (2 identical entries)

Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 808 wrote to memory of 5116 | pid: 808 | process: SecuriteInfo.com.Trojan-Downloader.Autoit.gen.23611.13592.exe | procid_target: 86 (4 identical entries)
Processes

1. C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan-Downloader.Autoit.gen.23611.13592.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan-Downloader.Autoit.gen.23611.13592.exe"
   PID: 808
   - Suspicious use of SetThreadContext
   - System Location Discovery: System Language Discovery
   - Suspicious behavior: MapViewOfSection
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SendNotifyMessage
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\svchost.exe (child of PID 808)
      Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan-Downloader.Autoit.gen.23611.13592.exe"
      PID: 5116
      - Suspicious behavior: EnumeratesProcesses

Note the child's image/command-line mismatch: a 32-bit svchost.exe is running with the dropper's own command line, and the Signatures section shows PID 808 writing to PID 5116's memory (4 times) and then setting its thread context. Taken together these are the footprint of process hollowing, with the process enumeration attributed to svchost.exe being the injected payload rather than the loader.
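Detection logic for the chain above, as an added example that is not tria.ge code or output. The one-line "kind key=value ..." event format is an assumption made here; the PIDs, image paths, command lines and the NLS\Language registry key come from the report, and the event list is constructed to mirror its IoC rows. The rule pairs cross-process WriteProcessMemory and SetThreadContext from one writer into one target, then adds the two discriminators a triage analyst would check by hand: was the target spawned by the writer, and does its image name disagree with its command line.

```python
"""Process-hollowing detection over sandbox-style API event lines.

Added example for this report page; not tria.ge code. The event format
(one "kind key=value ..." line per event) is invented here. PIDs, image
paths, command lines and the registry key are taken from the report; the
remaining event fields are constructed to mirror its IoC rows.
"""
import re
from collections import defaultdict
from ntpath import basename

SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\SecuriteInfo.com.Trojan-Downloader.Autoit.gen.23611.13592.exe")

# Constructed events: PID 808 is the submitted sample, PID 5116 is the
# 32-bit svchost.exe it spawned with the sample's own command line.
EVENTS = [
    f'process_start pid=808 image={SAMPLE} cmdline="{SAMPLE}"',
    f'process_start pid=5116 ppid=808 image=C:\\Windows\\SysWOW64\\svchost.exe cmdline="{SAMPLE}"',
    "api pid=808 call=NtMapViewOfSection",
    *["api pid=808 call=WriteProcessMemory target=5116"] * 4,
    "api pid=808 call=SetThreadContext target=5116",
    r"api pid=808 call=RegOpenKey key=\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language",
]

# Both calls from one writer into the same foreign process are the minimum
# footprint of classic hollowing (overwrite the image, redirect the main thread).
HOLLOWING_STEPS = frozenset({"WriteProcessMemory", "SetThreadContext"})
NLS_LANGUAGE_KEY = r"\control\nls\language"


def parse(lines):
    """Split each line into (kind, {field: value}); values contain no spaces."""
    out = []
    for line in lines:
        kind, _, rest = line.partition(" ")
        out.append((kind, dict(re.findall(r"(\w+)=(\S+)", rest))))
    return out


def exe_name(value):
    """Lower-cased basename of an image path or quoted command line."""
    return basename(value.strip('"')).lower()


def analyze(lines):
    procs = {}                 # pid -> process_start fields
    cross = defaultdict(set)   # (writer pid, target pid) -> API names used across processes
    findings = []
    for kind, f in parse(lines):
        if kind == "process_start":
            procs[f["pid"]] = f
            continue
        target = f.get("target")
        if target and target != f["pid"]:
            cross[(f["pid"], target)].add(f["call"])
        if f["call"] == "RegOpenKey" and f.get("key", "").lower().endswith(NLS_LANGUAGE_KEY):
            findings.append({"rule": "system_language_discovery",  # ATT&CK T1614.001
                             "pid": f["pid"], "key": f["key"]})
    for (writer, target), calls in cross.items():
        if not HOLLOWING_STEPS <= calls:
            continue
        tgt = procs.get(target, {})
        findings.append({
            "rule": "process_hollowing",
            "writer": writer,
            "target": target,
            # Discriminators that separate hollowing from a debugger or
            # installer that legitimately touches another process:
            "spawned_by_writer": tgt.get("ppid") == writer,
            "image_cmdline_mismatch": exe_name(tgt.get("image", "")) != exe_name(tgt.get("cmdline", "")),
            "target_image": tgt.get("image"),
        })
    return findings


if __name__ == "__main__":
    for finding in analyze(EVENTS):
        print(finding)
```

Two caveats when reusing this. The report's MapViewOfSection entry carries no target PID, so the rule deliberately does not depend on it; a loader that maps a section into the child instead of calling WriteProcessMemory would need a second pattern (NtMapViewOfSection with a foreign process handle followed by SetThreadContext or a queued APC). And WriteProcessMemory plus SetThreadContext alone is also what a debugger does, which is why the verdict carries the parent relationship and the image/command-line mismatch rather than relying on the API pair by itself.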
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 280KB
MD5: ec62d1c35bae3c7e5f4f1d114a1d8b85
SHA1: 96464a4b45fd409932a9a5959ed4c1bfc9ee6f45
SHA256: caa46bf25278cfd5332a1de0dd6154eb4abb21cfc6c33b923fff5f2da079cd3c
SHA512: 9fe8bee7ebb90d2796d4f50e09042db35ae9c014ff900785776062e2a09b9d0640d3d818f73ff5e324923b467f8c9296892fd7e75db41f734c826ecfbbd49157