Analysis
- max time kernel: 187s
- max time network: 193s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30/10/2022, 18:39
Static task
- static1
Behavioral task
- behavioral1
  Sample: c297f313a2aa2ad171d0c2de8956943d2751702d2bb6aabf3f0080a400bb3d74.exe
  Resource: win7-20220812-en
Behavioral task
- behavioral2
  Sample: c297f313a2aa2ad171d0c2de8956943d2751702d2bb6aabf3f0080a400bb3d74.exe
  Resource: win10v2004-20220812-en
General
- Target: c297f313a2aa2ad171d0c2de8956943d2751702d2bb6aabf3f0080a400bb3d74.exe
- Size: 84KB
- MD5: 82a46e1e192e933e4f75fe872da031c2
- SHA1: e6f53bf72d0fd0cb5a2d80558f6be1ee4d39ec15
- SHA256: c297f313a2aa2ad171d0c2de8956943d2751702d2bb6aabf3f0080a400bb3d74
- SHA512: c1bff054a1f21ae8113e72b7e00a0d2fd5fca3624d33ecc2bda8e02e9128ce551e6cea118366c39864c1c445292441cacad12e5022a3e63774eb83f57fd0ab31
- SSDEEP: 1536:qwm8nBjqs32bxPpBRy32Z6gJlyiKqVo6EUMm0:5m8nBjTmbxRBRN6WYiKqVo6Zs
Malware Config
Signatures
- Drops file in Windows directory (4 IoCs)
  description | ioc | Process
  File created | C:\Windows\svchost.exe | c297f313a2aa2ad171d0c2de8956943d2751702d2bb6aabf3f0080a400bb3d74.exe
  File opened for modification | C:\Windows\svchost.exe | c297f313a2aa2ad171d0c2de8956943d2751702d2bb6aabf3f0080a400bb3d74.exe
  File opened for modification | C:\Windows\kernel.dll | c297f313a2aa2ad171d0c2de8956943d2751702d2bb6aabf3f0080a400bb3d74.exe
  File created | C:\Windows\kernel.dll | c297f313a2aa2ad171d0c2de8956943d2751702d2bb6aabf3f0080a400bb3d74.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid | Process
  4948 | c297f313a2aa2ad171d0c2de8956943d2751702d2bb6aabf3f0080a400bb3d74.exe
  4948 | c297f313a2aa2ad171d0c2de8956943d2751702d2bb6aabf3f0080a400bb3d74.exe
- Suspicious use of WriteProcessMemory (1 IoC)
  description | pid | Process | procid_target
  PID 4948 wrote to memory of 780 | 4948 | c297f313a2aa2ad171d0c2de8956943d2751702d2bb6aabf3f0080a400bb3d74.exe | 38
Processes
- C:\Windows\Explorer.EXE
  Command line: C:\Windows\Explorer.EXE
  PID: 780
  - C:\Users\Admin\AppData\Local\Temp\c297f313a2aa2ad171d0c2de8956943d2751702d2bb6aabf3f0080a400bb3d74.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\c297f313a2aa2ad171d0c2de8956943d2751702d2bb6aabf3f0080a400bb3d74.exe"
    PID: 4948
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory