Analysis
max time kernel: 149s
max time network: 126s
platform: windows10_x64
resource: win10-en-20211104
submitted: 03/12/2021, 08:42
Static task: static1

Behavioral task: behavioral1
Sample: Payroll_2021.bin
Resource: win7-en-20211014
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: Payroll_2021.bin
Resource: win10-en-20211104
0 signatures, 0 seconds
General
Target: Payroll_2021.bin
Size: 12.2MB
MD5: 15518d5c35980b174fa79db41066ddbb
SHA1: c702da0190139cf05639bb4b660c6347f507a574
SHA256: 4d045262dbdb511c5771899d51511d8265024fc4d2e897913d3e5766b37cff6a
SHA512: a3d97b7bf07c9786d63eaeaa0bf75194f3f3b8ed2e8991932912aefa7c2ab849e750034cf8b10a77580511494c09567fd3431910700d14386815701c99cd6f55
Score: 7/10
Malware Config

Signatures

Loads dropped DLL (36 IoCs)
pid   Process
4188  Payroll_2021.bin
(all 36 rows are identical: every dropped-DLL load was performed by PID 4188, Payroll_2021.bin)

Suspicious use of WriteProcessMemory (4 IoCs)
description                        pid   Process            procid_target
PID 396 wrote to memory of 4040    396   cmd.exe            70
PID 396 wrote to memory of 4040    396   cmd.exe            70
PID 4040 wrote to memory of 4188   4040  Payroll_2021.bin   71
PID 4040 wrote to memory of 4188   4040  Payroll_2021.bin   71
(procid_target is the sandbox's internal process id of the written-to process, not its Windows PID)
Processes
(depth 1) C:\Windows\system32\cmd.exe
          command line: cmd /c C:\Users\Admin\AppData\Local\Temp\Payroll_2021.bin
          PID: 396
          - Suspicious use of WriteProcessMemory
  (depth 2) C:\Users\Admin\AppData\Local\Temp\Payroll_2021.bin
            command line: C:\Users\Admin\AppData\Local\Temp\Payroll_2021.bin
            PID: 4040
            - Suspicious use of WriteProcessMemory
    (depth 3) C:\Users\Admin\AppData\Local\Temp\Payroll_2021.bin
              command line: C:\Users\Admin\AppData\Local\Temp\Payroll_2021.bin
              PID: 4188
              - Loads dropped DLL
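The two behavioural signatures above are the kind of rule a sandbox derives from raw process telemetry: "Loads dropped DLL" fires when a process maps an image whose file was created earlier in the same run, and "Suspicious use of WriteProcessMemory" fires on a write into another process's address space. The following is an added example, not Triage's own rule code or telemetry. It re-derives both signatures and the process tree from a constructed event stream shaped like this report's chain (cmd.exe 396 -> Payroll_2021.bin 4040 -> Payroll_2021.bin 4188). Assumptions: the DLL file names are placeholders (the report does not name the dropped files), the target of a memory write is given as a Windows PID rather than the sandbox's internal procid, and only cross-process writes count as suspicious.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    kind: str          # process_create | file_create | image_load | write_process_memory
    pid: int           # acting process
    path: str = ""     # image or file path (process_create, file_create, image_load)
    ppid: int = 0      # parent PID (process_create only)
    target: int = 0    # written-to PID (write_process_memory only)


TEMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE = TEMP + r"\Payroll_2021.bin"

# Constructed event stream mirroring the report's process chain. The DLL
# paths are placeholders: the report says DLLs were dropped and loaded by
# PID 4188 but does not name them.
EVENTS = [
    Event("process_create", 396, r"C:\Windows\system32\cmd.exe"),
    Event("process_create", 4040, SAMPLE, ppid=396),
    Event("write_process_memory", 396, target=4040),
    Event("write_process_memory", 396, target=4040),
    Event("process_create", 4188, SAMPLE, ppid=4040),
    Event("write_process_memory", 4040, target=4188),
    Event("write_process_memory", 4040, target=4188),
    Event("file_create", 4188, TEMP + r"\dropped_a.dll"),
    Event("file_create", 4188, TEMP + r"\dropped_b.dll"),
    Event("image_load", 4188, r"C:\Windows\System32\kernel32.dll"),  # pre-existing, not a hit
    Event("image_load", 4188, TEMP + r"\DROPPED_A.DLL"),             # case differs, still a hit
    Event("image_load", 4188, TEMP + r"\dropped_b.dll"),
    Event("write_process_memory", 4188, target=4188),                # self-write, not flagged
]


def _norm(path: str) -> str:
    # NTFS paths are case-insensitive, so compare lower-cased.
    return path.lower()


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def derive_signatures(events):
    """Return {signature name: [IoC rows]} using the report's row shapes."""
    image = {}       # pid -> image path, filled as processes are created
    dropped = set()  # normalised paths of files written during the run
    loads = []       # (pid, Process) rows
    writes = []      # (pid, Process, target pid) rows
    for e in events:
        if e.kind == "process_create":
            image[e.pid] = e.path
        elif e.kind == "file_create":
            dropped.add(_norm(e.path))
        elif e.kind == "image_load" and _norm(e.path) in dropped:
            loads.append((e.pid, _basename(image.get(e.pid, "?"))))
        elif e.kind == "write_process_memory" and e.target != e.pid:
            writes.append((e.pid, _basename(image.get(e.pid, "?")), e.target))
    return {"Loads dropped DLL": loads,
            "Suspicious use of WriteProcessMemory": writes}


def process_tree(events):
    """(depth, pid, image) rows in the order the report's Processes panel lists them."""
    info, children = {}, {}
    for e in events:
        if e.kind == "process_create":
            info[e.pid] = (e.ppid, e.path)
            children.setdefault(e.ppid, []).append(e.pid)
    rows = []

    def walk(pid, depth):
        rows.append((depth, pid, info[pid][1]))
        for child in children.get(pid, []):
            walk(child, depth + 1)

    for pid, (ppid, _) in info.items():
        if ppid not in info:  # root: parent was not observed in the run
            walk(pid, 1)
    return rows


if __name__ == "__main__":
    for name, rows in derive_signatures(EVENTS).items():
        print(f"{name} {len(rows)} IoCs")
        for row in rows:
            print("   ", *row)
    for depth, pid, path in process_tree(EVENTS):
        print("  " * (depth - 1) + f"{path}  PID:{pid}  (depth {depth})")
```

The dropped-file set is keyed on normalised path, which is why the upper-cased `DROPPED_A.DLL` load still counts; a real rule would additionally match on the file's hash so a drop-then-rename does not evade it. The self-write by 4188 is deliberately ignored because a process touching its own memory through WriteProcessMemory is common in legitimate loaders.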