Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
12/10/2022, 14:53
General
-
Target
12d41d0a60704d9f45093765c0324abaef34d05a793ecc2ae1140f7ea72922e6.exe
-
Size
151KB
-
MD5
6d36288b0a0328c7ea9824fb60302410
-
SHA1
7a7ee08d7051cd0683ce8f5f5720440e552050a7
-
SHA256
12d41d0a60704d9f45093765c0324abaef34d05a793ecc2ae1140f7ea72922e6
-
SHA512
4ea93fe4351e4be7847900b0a74f00dd0258c0dfbed651cbc3206f67d7f6ecf8212964711bedab64616f859408ad3fd3c49ad0a1fd18ef829d0a1b6a7fbfd23b
-
SSDEEP
3072:e5FBzlOb9WVE1wGUTuknS114fO+qDD7y0N:e5FBhOb90E1wHukSwfhi7/
Score
6/10
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Drops file in Windows directory 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\12d41d0a60704d9f45093765c0324abaef34d05a793ecc2ae1140f7ea72922e6.exe"C:\Users\Admin\AppData\Local\Temp\12d41d0a60704d9f45093765c0324abaef34d05a793ecc2ae1140f7ea72922e6.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v 360Ö÷¶¯·ÀÓù /d C:WINDOWS\SHELLNEW\sever.exe /f2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exereg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v 360Ö÷¶¯·ÀÓù /d C:WINDOWS\SHELLNEW\sever.exe /f3⤵
- Adds Run key to start application
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
156KB
-
Filesize
156KB