Analysis
-
max time kernel
163s -
max time network
188s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system -
submitted
06/11/2022, 06:30
Static task
static1
Behavioral task
behavioral1
Sample
baf7a80c820aed0b5cd0113fd5873526f5c574d9dcefc6acbb4d3a8a86d15dd3.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
baf7a80c820aed0b5cd0113fd5873526f5c574d9dcefc6acbb4d3a8a86d15dd3.exe
Resource
win10v2004-20220812-en
General
-
Target
baf7a80c820aed0b5cd0113fd5873526f5c574d9dcefc6acbb4d3a8a86d15dd3.exe
-
Size
295KB
-
MD5
0a4d5738e692a0363b12234f94764d40
-
SHA1
11d92b8d5849ab43f690b66e9e9d437dd8c57502
-
SHA256
baf7a80c820aed0b5cd0113fd5873526f5c574d9dcefc6acbb4d3a8a86d15dd3
-
SHA512
7ef23744a9e1b4b61d2a99b4e48e0604d6488ade46cd3fc0894e6778dd650cf144031ebf20dcce8e094ba6493f3f6c0b6be219a9aed424532210c5b6f0d8dd10
-
SSDEEP
6144:LZseRKeNh85jUHw9KNns+d+Xf1UMnda0ggZ:dbKeNW/ysY2UklZ
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target
PID 948 wrote to memory of 4624 948 baf7a80c820aed0b5cd0113fd5873526f5c574d9dcefc6acbb4d3a8a86d15dd3.exe 79
PID 948 wrote to memory of 4624 948 baf7a80c820aed0b5cd0113fd5873526f5c574d9dcefc6acbb4d3a8a86d15dd3.exe 79
PID 948 wrote to memory of 4624 948 baf7a80c820aed0b5cd0113fd5873526f5c574d9dcefc6acbb4d3a8a86d15dd3.exe 79
Processes
-
C:\Users\Admin\AppData\Local\Temp\baf7a80c820aed0b5cd0113fd5873526f5c574d9dcefc6acbb4d3a8a86d15dd3.exe
"C:\Users\Admin\AppData\Local\Temp\baf7a80c820aed0b5cd0113fd5873526f5c574d9dcefc6acbb4d3a8a86d15dd3.exe"
- Suspicious use of WriteProcessMemory
PID:948 -
C:\Users\Admin\AppData\Local\Temp\baf7a80c820aed0b5cd0113fd5873526f5c574d9dcefc6acbb4d3a8a86d15dd3.exetear2⤵PID:4624
-