Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
158s -
max time network
174s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
04/12/2022, 12:01
General
-
Target
f02df4b8df3920cade147880112ef58a20417bec2bcf8d4412b4e9581b2d29cb.exe
-
Size
448KB
-
MD5
37c01c203c0024f88fe4e3c9dec2a345
-
SHA1
1f18fb8d2fe740c4ebf401d1516e17691bcba58c
-
SHA256
f02df4b8df3920cade147880112ef58a20417bec2bcf8d4412b4e9581b2d29cb
-
SHA512
4ded981dd9006f489a0adceb3b63e4fce817b0d595320a5a316d6a4e32d749d8bff4db7045d408fb82641831eac9ad70ddb95d1502a79a0be0777642dedb312b
-
SSDEEP
12288:IKvtGJqHXFlOPH4NTdBMOPFu6z/bqaWZAI:I2tGJqL24NTnMXSBWZAI
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Program crash 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 2 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f02df4b8df3920cade147880112ef58a20417bec2bcf8d4412b4e9581b2d29cb.exe"C:\Users\Admin\AppData\Local\Temp\f02df4b8df3920cade147880112ef58a20417bec2bcf8d4412b4e9581b2d29cb.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 408 -s 6722⤵
- Program crash
-
-
C:\ProgramData\aC28601BhNpE28601\aC28601BhNpE28601.exe"C:\ProgramData\aC28601BhNpE28601\aC28601BhNpE28601.exe" "C:\Users\Admin\AppData\Local\Temp\f02df4b8df3920cade147880112ef58a20417bec2bcf8d4412b4e9581b2d29cb.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 6683⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 180 -p 408 -ip 4081⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4360 -ip 43601⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
448KB
MD58806ea417642ace11da544ff4c5782e1
SHA10715ffbc659418c478ef170e43bbfdd861f860dd
SHA2567a2e1564cef23b8b07cb2ae97044249fda577bf8c2dbfb041ac46399d4cdd499
SHA512acf6357520d0a327e30a863c71ed335a579ee481757fa3c4abfec4522e616f96874cfa6b38299a1db33437e49f16c8821edf5380fde009cdfa1e33e0e7cb2b53
-
Filesize
448KB
MD58806ea417642ace11da544ff4c5782e1
SHA10715ffbc659418c478ef170e43bbfdd861f860dd
SHA2567a2e1564cef23b8b07cb2ae97044249fda577bf8c2dbfb041ac46399d4cdd499
SHA512acf6357520d0a327e30a863c71ed335a579ee481757fa3c4abfec4522e616f96874cfa6b38299a1db33437e49f16c8821edf5380fde009cdfa1e33e0e7cb2b53
-
Filesize
968KB
-
Filesize
968KB