Analysis
- max time kernel: 100s
- max time network: 107s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29/10/2022, 11:20
Static task: static1

Behavioral task: behavioral1
- Sample: testlnk.exe
- Resource: win7-20220812-en
- 5 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: testlnk.exe
- Resource: win10v2004-20220812-en
- 3 signatures
- 150 seconds
General
- Target: testlnk.exe
- Size: 2.4MB
- MD5: 30757d645e25fb8ee4871ceface19772
- SHA1: e21abb5ecefd8f9c9ad5f30c27ef3de913b47ed2
- SHA256: 53a346abbdc2c926034a024aee8a4b794edb4430826489486ad0dc46d1352d41
- SHA512: 226f96d3d36e70788a9b2019331fd29cbabfad994c31f3fda09d02304b246638caabf5623e66e870e3f9077f170286fa9cf4693f266be3a1dd17dc130f2378df
- SSDEEP: 49152:lIgOhjpeuUTmDyXv2KT0MIrCHvn9MJ7Im7uAYHsJd0ChzzI7MVHvwWjNM:lIgOhjpeuUTmDKvG4viGm6qdU0HFNM

Score: 7/10
Malware Config
Signatures
- Uses the VBS compiler for execution (1 TTPs)
- Suspicious use of SetThreadContext (1 IoCs)

  description | pid | Process | procid_target
  PID 2008 set thread context of 101776 | 2008 | testlnk.exe | 83

- Suspicious use of WriteProcessMemory (5 IoCs)

  description | pid | Process | procid_target
  PID 2008 wrote to memory of 101776 | 2008 | testlnk.exe | 83
  PID 2008 wrote to memory of 101776 | 2008 | testlnk.exe | 83
  PID 2008 wrote to memory of 101776 | 2008 | testlnk.exe | 83
  PID 2008 wrote to memory of 101776 | 2008 | testlnk.exe | 83
  PID 2008 wrote to memory of 101776 | 2008 | testlnk.exe | 83
Processes
- (1) C:\Users\Admin\AppData\Local\Temp\testlnk.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\testlnk.exe"
  PID: 2008
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  - (2) C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
    command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
    PID: 101776
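The three signatures and the process tree describe one pattern: testlnk.exe, running from the user's Temp directory, launches vbc.exe (the signed Visual Basic .NET compiler, which does nothing useful when started with no arguments), writes into the child five times and then calls SetThreadContext on it, which is how a loader points a suspended child's main thread at an injected image (process hollowing, often called RunPE). The report only gives a score; the Python below, an added example that is not part of the Triage report or of Hatching's tooling, correlates rows written in the report's own wording into a finding with the reasons spelled out. The process table, the HOLLOW_HOSTS list, the Finding type and detect() are this example's own assumptions, and the extra write from PID 640 is a constructed control case that must not be flagged.

```python
"""Correlate sandbox IoC rows into a process-hollowing finding.

Added example; not part of the Triage report or Hatching's tooling. The
event rows and process table are constructed to mirror the report's
"Suspicious use of SetThreadContext / WriteProcessMemory" rows.
HOLLOW_HOSTS, Finding and detect() are this example's own design.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass, field

# Signed Microsoft .NET binaries that commodity loaders spawn suspended and
# overwrite. A compiler such as vbc.exe started without a source file does
# nothing on its own, so such a child is already a weak signal by itself.
HOLLOW_HOSTS = {
    "vbc.exe", "csc.exe", "msbuild.exe", "regasm.exe", "regsvcs.exe",
    "installutil.exe", "aspnet_compiler.exe",
}

ROW = re.compile(r"^PID (\d+) (set thread context of|wrote to memory of) (\d+)$")

# Constructed process table (assumption): pid -> (image path, parent pid).
PROCESSES = {
    2008: (r"C:\Users\Admin\AppData\Local\Temp\testlnk.exe", None),
    101776: (r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe", 2008),
    640: (r"C:\Windows\System32\services.exe", 4),
    1180: (r"C:\Windows\System32\svchost.exe", 640),
}

# Constructed rows in the report's wording: the report's five writes and one
# SetThreadContext, plus one unrelated write used as a control case.
EVENTS = [
    "PID 2008 wrote to memory of 101776",
    "PID 2008 wrote to memory of 101776",
    "PID 2008 wrote to memory of 101776",
    "PID 2008 wrote to memory of 101776",
    "PID 2008 wrote to memory of 101776",
    "PID 2008 set thread context of 101776",
    "PID 640 wrote to memory of 1180",
]


@dataclass
class Finding:
    source_pid: int
    target_pid: int
    source_image: str
    target_image: str
    writes: int
    context_sets: int
    reasons: list[str] = field(default_factory=list)


def basename(path: str) -> str:
    """Last component of a Windows path, independent of the host OS."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_events(rows):
    """Count writes and SetThreadContext calls per (source pid, target pid)."""
    pairs = defaultdict(lambda: {"write": 0, "ctx": 0})
    for row in rows:
        m = ROW.match(row.strip())
        if not m:
            continue
        src, verb, dst = int(m.group(1)), m.group(2), int(m.group(3))
        pairs[(src, dst)]["ctx" if verb.startswith("set") else "write"] += 1
    return pairs


def detect(rows, processes):
    """One Finding per process pair that the same source both wrote to and
    re-pointed with SetThreadContext. Writes alone are too common (debuggers,
    AV, legitimate injection) to flag on their own."""
    findings = []
    for (src, dst), counts in parse_events(rows).items():
        if not (counts["write"] and counts["ctx"]):
            continue
        src_image, _ = processes.get(src, ("<unknown>", None))
        dst_image, dst_parent = processes.get(dst, ("<unknown>", None))
        reasons = ["cross-process write followed by SetThreadContext on the same target"]
        if dst_parent == src:
            reasons.append("target is the writer's own child (spawn-suspended pattern)")
        if basename(dst_image) in HOLLOW_HOSTS:
            reasons.append(f"target image {basename(dst_image)} is a commonly hollowed host")
        if "\\appdata\\local\\temp\\" in src_image.lower():
            reasons.append("writer runs from the user's Temp directory")
        findings.append(Finding(src, dst, src_image, dst_image,
                                counts["write"], counts["ctx"], reasons))
    return findings


if __name__ == "__main__":
    for f in detect(EVENTS, PROCESSES):
        print(f"{basename(f.source_image)} ({f.source_pid}) -> "
              f"{basename(f.target_image)} ({f.target_pid}): "
              f"{f.writes} writes, {f.context_sets} SetThreadContext")
        for r in f.reasons:
            print("  -", r)
```

Run as-is it reports the single pair 2008 -> 101776 with all four reasons and ignores the control write from PID 640. The same correlation applies outside a sandbox: on a live host the write shows up as a Sysmon Event ID 10 (ProcessAccess) whose GrantedAccess includes PROCESS_VM_WRITE (0x20), and the hollowed child is typically created with CREATE_SUSPENDED, so pairing those with the parent/child relation gives the same finding.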