Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
91s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
18/12/2022, 16:34
General
-
Target
ea4d6def513ef7ce1048f1a86de9875e898f6bf7d83f55894f289a2f3b538db9.exe
-
Size
286KB
-
MD5
a11d17ba4850abb0dea6d92349a82d82
-
SHA1
423248215922cb4aeec346687dfec2bae1852196
-
SHA256
ea4d6def513ef7ce1048f1a86de9875e898f6bf7d83f55894f289a2f3b538db9
-
SHA512
86ae71f0625110ae09f4834aff89c499b86f770d48197351d483ac1b697cb863496ac9b9727e960d1863a77c25e3f7e492a6648c997cc5bca1bb83c8a371c510
-
SSDEEP
6144:8lLNALH4PieMwIkp7oPsjrGz7Z+d88iwzjlVklPH:8lZALH4PBMwIAfHGh/GlU
Score
10/10
Malware Config
Signatures
-
Detect rhadamanthys stealer shellcode 1 IoCs
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs
-
Program crash 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ea4d6def513ef7ce1048f1a86de9875e898f6bf7d83f55894f289a2f3b538db9.exe"C:\Users\Admin\AppData\Local\Temp\ea4d6def513ef7ce1048f1a86de9875e898f6bf7d83f55894f289a2f3b538db9.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 6562⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4740 -ip 47401⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
140KB
-
Filesize
156KB
-
Filesize
456KB
-
Filesize
140KB
-
Filesize
456KB
-
Filesize
116KB