Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240910-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240910-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/09/2024, 03:29

General

  • Target

    SecuriteInfo.com.Trojan-Downloader.Autoit.gen.23611.13592.exe

  • Size

    1.2MB

  • MD5

    25937aa2a51937c860b96383e85e02d1

  • SHA1

    aada5a66d3dc5dff736ef8fac8c8d94390ebb258

  • SHA256

    66f8c1cba3ad6b3362dcfc5f59861c2505b2ea55fe8d261562506889983a324d

  • SHA512

    8ddc6df0f303f1ba98763b08116e60646d757cb4f82ffe823ae459ede4867ef7b7227e37979924c1f2119c474be4d426a5726faf40b4c730e0f3fd1aeed63674

  • SSDEEP

    24576:J4lavt0LkLL9IMixoEgeaa3wZoOcT4vv3Naq9MmCS:Ykwkn9IMHeaa3POcuvUaPCS

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan-Downloader.Autoit.gen.23611.13592.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan-Downloader.Autoit.gen.23611.13592.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:808
    • C:\Windows\SysWOW64\svchost.exe
      "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan-Downloader.Autoit.gen.23611.13592.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:5116

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\autBF29.tmp

    Filesize

    280KB

    MD5

    ec62d1c35bae3c7e5f4f1d114a1d8b85

    SHA1

    96464a4b45fd409932a9a5959ed4c1bfc9ee6f45

    SHA256

    caa46bf25278cfd5332a1de0dd6154eb4abb21cfc6c33b923fff5f2da079cd3c

    SHA512

    9fe8bee7ebb90d2796d4f50e09042db35ae9c014ff900785776062e2a09b9d0640d3d818f73ff5e324923b467f8c9296892fd7e75db41f734c826ecfbbd49157

  • memory/808-8-0x0000000000B80000-0x0000000000F80000-memory.dmp

    Filesize

    4.0MB

  • memory/5116-9-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

  • memory/5116-10-0x0000000001400000-0x000000000174A000-memory.dmp

    Filesize

    3.3MB

  • memory/5116-11-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

  • memory/5116-12-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB