Analysis

  • max time kernel
    90s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220112
  • submitted
    01/03/2022, 06:36

General

  • Target

    5220cbc7676fff1c6bfe1bb8842ecd8ed80aecbe7da5b2cacd2ef3221d98a773.exe

  • Size

    711KB

  • MD5

    bad865b507182358a683405f3728937a

  • SHA1

    86cbc485c160107811c759708eecfae3e3cd2716

  • SHA256

    5220cbc7676fff1c6bfe1bb8842ecd8ed80aecbe7da5b2cacd2ef3221d98a773

  • SHA512

    bf531f5ee08da5c41bc218f35ffc99b35959afcaa719169018702bec23f7cfafad0b224ebc3e09d594c430b82bb8792d4d59f826ab1aa259e8c6d9ca00db349c

Malware Config

Signatures

  • FakeAV, RogueAntivirus

    FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5220cbc7676fff1c6bfe1bb8842ecd8ed80aecbe7da5b2cacd2ef3221d98a773.exe
    "C:\Users\Admin\AppData\Local\Temp\5220cbc7676fff1c6bfe1bb8842ecd8ed80aecbe7da5b2cacd2ef3221d98a773.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    PID:2040

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/2040-130-0x0000000001ED0000-0x0000000001ED1000-memory.dmp

    Filesize

    4KB