Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

cats_tfile_ru.exe

windows7-x64

1

cats_tfile_ru.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    43s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 04:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cats_tfile_ru.exe

  • Size

    507KB

  • MD5

    720da72c04b9efdde974feef961588da

  • SHA1

    30a7e2777cb365bae60528c9579d9309e86512d9

  • SHA256

    f4c7ac402a3089610540f9e1fd7cc16c4fc151af26ce8d17a0c143f841a87dbf

  • SHA512

    0f282524a7ba93b54a47500d0d93be2176f4b21b705a066724e9577c99410360503ec65afdca76bb12e20d32f5659f5d4b2422c61175ef05f73d973c94b32fdf

  • SSDEEP

    6144:bU4H+NXA11+7OWTzudGyqzTUuilFPp0as2XOv18hK7XwXJQxgCCzIcN5fcFkJrpF:tbl1d8DdaKiuxgXz4c/MW

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cats_tfile_ru.exe
    "C:\Users\Admin\AppData\Local\Temp\cats_tfile_ru.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1652
    • C:\Users\Admin\AppData\Local\Temp\cats_tfile_ru.exe
      start
      2⤵
        PID:1896
      • C:\Users\Admin\AppData\Local\Temp\cats_tfile_ru.exe
        watch
        2⤵
          PID:1232

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1232-61-0x0000000000400000-0x0000000000484000-memory.dmp

        Filesize

        528KB

        Download

      • memory/1232-63-0x0000000000400000-0x0000000000484000-memory.dmp

        Filesize

        528KB

        Download

      • memory/1652-54-0x0000000076041000-0x0000000076043000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1652-58-0x0000000000400000-0x0000000000484000-memory.dmp

        Filesize

        528KB

        Download

      • memory/1896-60-0x0000000000400000-0x0000000000484000-memory.dmp

        Filesize

        528KB

        Download

      • memory/1896-62-0x0000000000400000-0x0000000000484000-memory.dmp

        Filesize

        528KB

        Download