Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
138s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
09/09/2022, 15:12
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220812-en
2 signatures
150 seconds
General
-
Target
file.exe
-
Size
509KB
-
MD5
c25b44fac10fef4f7a400548810f4335
-
SHA1
b86cf34c56a92b14acb59c4280e144b64a9d4c7e
-
SHA256
046cd8b525c82f4db3b39d9a3f1b4f7dbad48dee24af3739c81e219ab56640db
-
SHA512
109943351bc489ca9ef267f5fe2e0e108ea864414b47f4097bc512a0e8d86f7bb1cd60b89d6876f0fceb2488113c12cc2f6d2abb2930d9f3010fca2e53529dd2
-
SSDEEP
12288:o9WaQa6g2K0Gds+ALpMAm/tSeG5+ry4WBGh+sI:C3Qa6g2K0GKpc/45+rgGVI
Score
5/10
Malware Config
Signatures
-
Suspicious use of SetThreadContext 1 IoCs
description pid Process procid_target PID 1328 set thread context of 101056 1328 file.exe 87 -
Suspicious use of WriteProcessMemory 5 IoCs
description pid Process procid_target PID 1328 wrote to memory of 101056 1328 file.exe 87 PID 1328 wrote to memory of 101056 1328 file.exe 87 PID 1328 wrote to memory of 101056 1328 file.exe 87 PID 1328 wrote to memory of 101056 1328 file.exe 87 PID 1328 wrote to memory of 101056 1328 file.exe 87
Processes
-
C:\Users\Admin\AppData\Local\Temp\file.exe"C:\Users\Admin\AppData\Local\Temp\file.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1328 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"2⤵PID:101056
-