Analysis

  • max time kernel
    87s
  • max time network
    134s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    18/05/2021, 03:48

General

  • Target

    1f39bd627dde5fcc894a86bcd46f7e21d40c8ed36188ef671fe0ac92b3440f13.exe

  • Size

    711KB

  • MD5

    d4053e48613bb7d65c0ca99f13b74030

  • SHA1

    d566f5292cb33007fcd76907ff566943c9a4c371

  • SHA256

    1f39bd627dde5fcc894a86bcd46f7e21d40c8ed36188ef671fe0ac92b3440f13

  • SHA512

    b4aa4c976fd061fb2c93b83f28ba23e389d994c034cb4d065fdf0ddba4e9e0192f7782a3194ff2e8b5d83486ffc55171a4a8887772c4a072c531d9c5cb15ab47

Malware Config

Signatures

  • FakeAV, RogueAntivirus

    FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1f39bd627dde5fcc894a86bcd46f7e21d40c8ed36188ef671fe0ac92b3440f13.exe
    "C:\Users\Admin\AppData\Local\Temp\1f39bd627dde5fcc894a86bcd46f7e21d40c8ed36188ef671fe0ac92b3440f13.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    PID:1456

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1456-114-0x00000000004C0000-0x000000000060A000-memory.dmp

    Filesize

    1.3MB