Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
55s -
max time network
118s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system -
submitted
01/12/2022, 18:37
Static task
static1
Behavioral task
behavioral1
Sample
bc855e627be593161e7ca6ca3f54bc134d557b5c328bfe2335464ea599f66c11.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
bc855e627be593161e7ca6ca3f54bc134d557b5c328bfe2335464ea599f66c11.exe
Resource
win10v2004-20221111-en
General
-
Target
bc855e627be593161e7ca6ca3f54bc134d557b5c328bfe2335464ea599f66c11.exe
-
Size
41KB
-
MD5
cfd13395703a35b02be5b80edf1b8826
-
SHA1
ce0ecc59eb9b9aceaeff0ffe214a6ae32c91084b
-
SHA256
bc855e627be593161e7ca6ca3f54bc134d557b5c328bfe2335464ea599f66c11
-
SHA512
1cc182b6ea3e01b9bc7f3e0aae0703ce5da9ff8ebae84d980bc28200154f1fd5afc196f26ae8bc36585688ebf666079f77da8dbb9fdb80b68e50b8c0955f1511
-
SSDEEP
768:X5DZ2h94FnpQPn4NSmRFm3qtWiUCb+BHPSNJCTGriVVBonMcFqed6tIDsox:np64jg6tWiUCbnN1GzonMcFR66D
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 1032 WmInit.exe -
Drops file in System32 directory 5 IoCs
description ioc Process File created C:\Windows\SysWOW64\WmInit.exe bc855e627be593161e7ca6ca3f54bc134d557b5c328bfe2335464ea599f66c11.exe File opened for modification C:\Windows\SysWOW64\tmp bc855e627be593161e7ca6ca3f54bc134d557b5c328bfe2335464ea599f66c11.exe File created C:\Windows\SysWOW64\tmp bc855e627be593161e7ca6ca3f54bc134d557b5c328bfe2335464ea599f66c11.exe File created C:\Windows\SysWOW64\WmInit.dat bc855e627be593161e7ca6ca3f54bc134d557b5c328bfe2335464ea599f66c11.exe File opened for modification C:\Windows\SysWOW64\WmInit.exe bc855e627be593161e7ca6ca3f54bc134d557b5c328bfe2335464ea599f66c11.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2212 wrote to memory of 1032 2212 bc855e627be593161e7ca6ca3f54bc134d557b5c328bfe2335464ea599f66c11.exe 86 PID 2212 wrote to memory of 1032 2212 bc855e627be593161e7ca6ca3f54bc134d557b5c328bfe2335464ea599f66c11.exe 86 PID 2212 wrote to memory of 1032 2212 bc855e627be593161e7ca6ca3f54bc134d557b5c328bfe2335464ea599f66c11.exe 86
Processes
-
C:\Users\Admin\AppData\Local\Temp\bc855e627be593161e7ca6ca3f54bc134d557b5c328bfe2335464ea599f66c11.exe"C:\Users\Admin\AppData\Local\Temp\bc855e627be593161e7ca6ca3f54bc134d557b5c328bfe2335464ea599f66c11.exe"1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2212 -
C:\Windows\SysWOW64\WmInit.exe"C:\Windows\system32\WmInit.exe" "C:\Users\Admin\AppData\Local\Temp\bc855e627be593161e7ca6ca3f54bc134d557b5c328bfe2335464ea599f66c11.exe"2⤵
- Executes dropped EXE
PID:1032
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
320KB
MD5051031759e9717577ab272d0375eb413
SHA1f73ed59dd6566bd56331a3c69f4b3e8fc3625967
SHA256a4a0fcf54928b7ca9c3fcca1599ebfb7bec44362ad4e4efa4814214ab57328ea
SHA512980c0d95baa96d75815e60af014566a63186a7d77a9ccc19a0eefa9509a189a76713c28146363f5617baf02bab9bca9caac9b47f7b238d894268c0e901d4a21e