Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
5s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
03/12/2022, 19:48
General
-
Target
a41c1af331b24a3ce87045d4147f37078349472c86b78f911a1d68723373ff41.exe
-
Size
124KB
-
MD5
e5730c50dfe54554e1d2970f3636512c
-
SHA1
aed6b572d50c8ffd3768c1130d6e472299f78ecd
-
SHA256
a41c1af331b24a3ce87045d4147f37078349472c86b78f911a1d68723373ff41
-
SHA512
cd8e8ec8c16eb590e8dc7b7f7e7df2f701ba11bda7e3dcd72dafa2fa5f490652e8ec94477a234a528839b7d13d8a94500d10fa3f3c5a6adfc3e29d23099bd048
-
SSDEEP
3072:INTW9nbDSUAisMhmkskxizjeWfYEz6BD4L0Baw2erN8elP:SSpYifkYzRoAN
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Modifies Internet Explorer start page 1 TTPs 1 IoCs
-
Modifies registry class 12 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a41c1af331b24a3ce87045d4147f37078349472c86b78f911a1d68723373ff41.exe"C:\Users\Admin\AppData\Local\Temp\a41c1af331b24a3ce87045d4147f37078349472c86b78f911a1d68723373ff41.exe"1⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\ywywywyw.bat2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
248B
MD5a05685406c1105cf042b2c2d279872f6
SHA191881fcead40f3608075bb144c683c0fc5bf6821
SHA2560ade6b91fb0e1c56c2b1555b553a271d476c095e19c85eb86a8428838c4dd975
SHA51231ff4c5d732280ba776a0f0337204bb5c0a61e4d3d989e5f6ba54d133cd6238b6f60b62eefa8026d9196483294f290b5418770aaf12ddcf54817424842d3071d