Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
154s -
max time network
192s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
25/11/2022, 21:10
General
-
Target
198051ba270c12758a3889731f4805c6190ea6a295c72ca20658c97f16225103.exe
-
Size
824KB
-
MD5
afc3bde35a0c7072b9ee70ab83bba4cd
-
SHA1
00decaebb85d1bfdcc037f4cfea5ee984397e37f
-
SHA256
198051ba270c12758a3889731f4805c6190ea6a295c72ca20658c97f16225103
-
SHA512
2f55123b72774bfc52f6d8b12628d873cf0f8d2dfeae3bd472244ea6450c7f589638175132330b061306a4f2e9126f6cc218de6045ade0a6c0f05c2158353adf
-
SSDEEP
24576:NowHDDnZ0PA5Lnosj9UNIEF7Mw3Zx+vd:vjDao5Lnod7F3Zx+v
Score
7/10
Malware Config
Signatures
-
Identifies Wine through registry keys 2 TTPs 1 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\198051ba270c12758a3889731f4805c6190ea6a295c72ca20658c97f16225103.exe"C:\Users\Admin\AppData\Local\Temp\198051ba270c12758a3889731f4805c6190ea6a295c72ca20658c97f16225103.exe"1⤵
- Identifies Wine through registry keys
- Writes to the Master Boot Record (MBR)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.8MB
-
Filesize
1.8MB