Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Resubmissions

14/10/2022, 07:00

221014-hs1tyscfc6 1

12/10/2022, 08:00

221012-jv5flachh4 8

Analysis

  • max time kernel
    70s
  • max time network
    78s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2022, 08:00

General

  • Target

    3550/3367.cmd

  • Size

    245B

  • MD5

    c0a2c18b8e80e4a7af74bf718bbb993b

  • SHA1

    7c87ef36f1763b5d5234ca45445b73bb3f49b8b2

  • SHA256

    6e67d68badb493c0be327073ff68740c6cca48de5094d925593dd1248f1046c1

  • SHA512

    bd84b3ba94e30169d9b12e3f1363cdc9731a728ade2717a6ebdd9de23494c0441043304fd82ad3ddc8bbb627c882df17ebeb4985c3667b38c93de9773a16b1b2

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\3550\3367.cmd"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5032
    • C:\Windows\system32\PING.EXE
      ping google.com
      2⤵
      • Runs ping.exe
      PID:644
    • C:\Users\Admin\AppData\Local\Temp\in.exe
      C:\Users\Admin\AppData\Local\Temp\\in.exe 3550\pots.dat
      2⤵
      • Executes dropped EXE
      PID:3004

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\in.exe

    Filesize

    24KB

    MD5

    b0c2fa35d14a9fad919e99d9d75e1b9e

    SHA1

    8d7c2fd354363daee63e8f591ec52fa5d0e23f6f

    SHA256

    022cb167a29a32dae848be91aef721c74f1975af151807dafcc5ed832db246b7

    SHA512

    a6155e42b605425914d1bf745d9b2b5ed57976e161384731c6821a1f8fa2bc3207a863ae45d6ad371ac82733b72bb024204498baa4fb38ad46c6d7bc52e5a022