Analysis
max time kernel: 120s
max time network: 122s
platform: windows7_x64
resource: win7-en-20211014
submitted: 03/12/2021, 08:42 (day/month/year, i.e. 3 December 2021: the win10-en-20211104 image used by the second behavioral task postdates 12 March 2021)
Tasks
static1 (static task)
behavioral1 (behavioral task): sample Payroll_2021.bin, resource win7-en-20211014, 0 signatures, 0 seconds
behavioral2 (behavioral task): sample Payroll_2021.bin, resource win10-en-20211104, 0 signatures, 0 seconds
General
Target: Payroll_2021.bin
Size: 12.2MB
MD5: 15518d5c35980b174fa79db41066ddbb
SHA1: c702da0190139cf05639bb4b660c6347f507a574
SHA256: 4d045262dbdb511c5771899d51511d8265024fc4d2e897913d3e5766b37cff6a
SHA512: a3d97b7bf07c9786d63eaeaa0bf75194f3f3b8ed2e8991932912aefa7c2ab849e750034cf8b10a77580511494c09567fd3431910700d14386815701c99cd6f55
Score: 7/10
Malware Config
Signatures

Loads dropped DLL (1 IoC)
pid    Process
1060   Payroll_2021.bin

Suspicious use of WriteProcessMemory (6 IoCs)
Each row is one WriteProcessMemory call; the same parent-to-child edge therefore appears three times. procid_target is tria.ge's internal index for the target process, not a Windows PID.
description                        pid    Process            procid_target
PID 1612 wrote to memory of 640    1612   cmd.exe            29
PID 1612 wrote to memory of 640    1612   cmd.exe            29
PID 1612 wrote to memory of 640    1612   cmd.exe            29
PID 640 wrote to memory of 1060    640    Payroll_2021.bin   30
PID 640 wrote to memory of 1060    640    Payroll_2021.bin   30
PID 640 wrote to memory of 1060    640    Payroll_2021.bin   30
Processes
1. C:\Windows\system32\cmd.exe
   command line: cmd /c C:\Users\Admin\AppData\Local\Temp\Payroll_2021.bin
   PID 1612
   Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\Payroll_2021.bin
      command line: C:\Users\Admin\AppData\Local\Temp\Payroll_2021.bin
      PID 640
      Suspicious use of WriteProcessMemory
      3. C:\Users\Admin\AppData\Local\Temp\Payroll_2021.bin
         command line: C:\Users\Admin\AppData\Local\Temp\Payroll_2021.bin
         PID 1060
         Loads dropped DLL

Reading the tree: the sandbox's own launcher (cmd /c) starts the sample as PID 640; that instance re-launches its own image as PID 1060 and writes into it, and it is the second instance that loads the dropped DLL. The cmd.exe writes into PID 640 are the launcher's normal process-startup writes, so the edge worth attention is 640 to 1060.
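An added example, not part of the tria.ge report, that parses the WriteProcessMemory rows from the signatures table above together with the image names from the process tree, collapses the per-call repeats, and separates the sandbox launcher's parent-to-child writes from the sample's write into its respawned copy. The EVENTS rows and PROCESSES map are constructed from this page; the level names and the assumption that cmd.exe writing into its direct child is only process-startup activity are this example's own.

```python
import re
from collections import Counter

# Constructed from the "Suspicious use of WriteProcessMemory" table above.
# tria.ge prints one row per API call, so each parent->child edge repeats.
EVENTS = """\
PID 1612 wrote to memory of 640 1612 cmd.exe 29
PID 1612 wrote to memory of 640 1612 cmd.exe 29
PID 1612 wrote to memory of 640 1612 cmd.exe 29
PID 640 wrote to memory of 1060 640 Payroll_2021.bin 30
PID 640 wrote to memory of 1060 640 Payroll_2021.bin 30
PID 640 wrote to memory of 1060 640 Payroll_2021.bin 30
""".splitlines()

# pid -> image name, taken from the Processes section of the report.
PROCESSES = {1612: "cmd.exe", 640: "Payroll_2021.bin", 1060: "Payroll_2021.bin"}

# Column order of the report table: description, pid, Process, procid_target.
ROW = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$")


def parse_events(lines):
    """Collapse repeated rows into {(writer_pid, target_pid): call_count}."""
    edges = Counter()
    for line in lines:
        m = ROW.match(line.strip())
        if not m:
            raise ValueError(f"unparsed row: {line!r}")
        writer, target, pid_col, _image, _procid = m.groups()
        # The description and the pid column must name the same writer.
        if writer != pid_col:
            raise ValueError(f"pid column disagrees with description: {line!r}")
        edges[(int(writer), int(target))] += 1
    return dict(edges)  # insertion order is preserved


def triage_writes(edges, processes, launcher="cmd.exe"):
    """Label each cross-process write edge.

    'launcher'     : the sandbox's cmd /c wrapper writing into its child
                     (normal process-startup writes; assumption of this example)
    'self_respawn' : a process writing into a child that runs its own image
    'cross_process': any other writer/target pair
    """
    findings = []
    for (writer, target), calls in edges.items():
        w_img = processes.get(writer, "?")
        t_img = processes.get(target, "?")
        if w_img.lower() == launcher.lower():
            level = "launcher"
        elif w_img == t_img:
            level = "self_respawn"
        else:
            level = "cross_process"
        findings.append({"writer": writer, "writer_image": w_img,
                         "target": target, "target_image": t_img,
                         "calls": calls, "level": level})
    return findings


def interesting(findings):
    """Drop the launcher's own writes; what remains is worth a look."""
    return [f for f in findings if f["level"] != "launcher"]


if __name__ == "__main__":
    for f in triage_writes(parse_events(EVENTS), PROCESSES):
        print(f"{f['level']:13} {f['writer']}({f['writer_image']}) -> "
              f"{f['target']}({f['target_image']}) x{f['calls']}")
```

On this report the filter leaves a single edge, PID 640 writing three times into PID 1060, the fresh copy of Payroll_2021.bin that then loads the dropped DLL; that is the edge to pull memory for, not the cmd.exe rows the generic signature also counts.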