Analysis
- max time kernel: 135s
- max time network: 124s
- platform: windows10_x64
- resource: win10v200430
- submitted: 09/07/2020, 10:15
Static task: static1
Behavioral task: behavioral1
- Sample: c2fee2b62f6f1f590770ee79393edda6c147e3e31fa1425684ad18226850989a.exe
- Resource: win7
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: c2fee2b62f6f1f590770ee79393edda6c147e3e31fa1425684ad18226850989a.exe
- Resource: win10v200430
- 0 signatures
- 0 seconds
General
- Target: c2fee2b62f6f1f590770ee79393edda6c147e3e31fa1425684ad18226850989a.exe
- Size: 152KB
- MD5: 2cf4391c2b6f03bbe182ad06dfb61e67
- SHA1: ed68d5051dc7bc1b26d28f664a494a13f41650f0
- SHA256: c2fee2b62f6f1f590770ee79393edda6c147e3e31fa1425684ad18226850989a
- SHA512: 9c29d79f8ba12ab85cef3f0003fb96be888de58fae1be487fec4000e7e5e531ba570bc283c724d2929375ead9906e6873815a8af6be1e3a0776f46ba6921c8f3
Score: 8/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 992 wrote to memory of 2008 | 992 | c2fee2b62f6f1f590770ee79393edda6c147e3e31fa1425684ad18226850989a.exe | 70
  PID 992 wrote to memory of 2008 | 992 | c2fee2b62f6f1f590770ee79393edda6c147e3e31fa1425684ad18226850989a.exe | 70
  PID 992 wrote to memory of 2008 | 992 | c2fee2b62f6f1f590770ee79393edda6c147e3e31fa1425684ad18226850989a.exe | 70
- Executes dropped EXE (1 IoCs)
  pid | Process
  2008 | bdif.exe
- NTFS ADS (1 IoCs)
  description | ioc | Process
  File created | \??\c:\programdata\e6533cd889\bdif.exe:Zone.Identifier | c2fee2b62f6f1f590770ee79393edda6c147e3e31fa1425684ad18226850989a.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\c2fee2b62f6f1f590770ee79393edda6c147e3e31fa1425684ad18226850989a.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\c2fee2b62f6f1f590770ee79393edda6c147e3e31fa1425684ad18226850989a.exe"
  PID: 992
  - Suspicious use of WriteProcessMemory
  - NTFS ADS
  - \??\c:\programdata\e6533cd889\bdif.exe
    Command line: c:\programdata\e6533cd889\bdif.exe
    PID: 2008
    - Executes dropped EXE