Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

CHEESE.exe

windows10-2004-x64

7

Resubmissions

14/10/2022, 06:08

221014-gwce4abbe6 7

14/10/2022, 06:00

221014-gqlrksahdk 10

Analysis

  • max time kernel
    1550s
  • max time network
    1630s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/10/2022, 06:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CHEESE.exe

  • Size

    2.4MB

  • MD5

    12ef571baf523c098fc4e96bb3759c21

  • SHA1

    b476dd2bed415fbbc9c96e4a33160d12bf8413bb

  • SHA256

    2180293a0c0b7340f85543d453c10e8f9a059b69a530428fe1858e92a7fa63c3

  • SHA512

    e4e2354ee21ede5f3a61c00ac9766736e55e23bd3577b5bc41a7f493b8143159ca8d771fad7af4ee4b7fd56be450b82651f0ce87b82e873119e9f1655ac7249a

  • SSDEEP

    24576:DYof7x+kxP2gEDiYbYXQZCsuMUTSyzdvi1ucvgDfR1JJMK3LTiF+cTl3RuQ5531C:kozx+kxugEaYu1JJMK3n/al3Q

Score
7/10

Malware Config

Signatures

  • Uses the VBS compiler for execution 1 TTPs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CHEESE.exe
    "C:\Users\Admin\AppData\Local\Temp\CHEESE.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2728
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
      2⤵
        PID:100448

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/100448-133-0x0000000000400000-0x0000000000405000-memory.dmp

      Filesize

      20KB

      Download

    • memory/100448-139-0x0000000000400000-0x0000000000405000-memory.dmp

      Filesize

      20KB

      Download