Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

KNOCK Inst....1.exe

windows7-x64

8

KNOCK Inst....1.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    91s
  • max time network
    181s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/01/2023, 13:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    KNOCK Installer 1.0.1.exe

  • Size

    4.9MB

  • MD5

    66ed9148528c0c18232754f939c6330f

  • SHA1

    c5223d949b4e35a023cadf37ad6247a25e0bc6cc

  • SHA256

    859ffa4614cbd9e6fd0334aee8b463374d49809413796763f91da0e7956d63ce

  • SHA512

    86d0b61e97cefd8d169c4e1a7b49904694c25a520a76f9dd752a244d0df1aa79e2ad816204d060ea0a4d10fa44d73ea46796a03f95eaf8065a31e4aeed8c9bf6

  • SSDEEP

    98304:cSii5JCHyj6lvs6uQiU4fXV8bNt95uN+q+5o+63rcG+DidXvh6d204OOR5qvB:DoHysvs6ulfF8bj+Z+K+63rCgJ6M8YYp

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\KNOCK Installer 1.0.1.exe
    "C:\Users\Admin\AppData\Local\Temp\KNOCK Installer 1.0.1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4300
    • C:\Users\Admin\AppData\Local\Temp\is-COA3Q.tmp\KNOCK Installer 1.0.1.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-COA3Q.tmp\KNOCK Installer 1.0.1.tmp" /SL5="$801C4,4339394,780800,C:\Users\Admin\AppData\Local\Temp\KNOCK Installer 1.0.1.exe"
      2⤵
      • Executes dropped EXE
      PID:4708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-COA3Q.tmp\KNOCK Installer 1.0.1.tmp
    Filesize

    2.9MB

    MD5

    94131bef16159dd39f504941b3094421

    SHA1

    5cc0c470757ba76358d2ce20590b8498b6d52ff5

    SHA256

    c69ce7a86b918ee3d9ab3f33ae252259f51e7af12e46a477cc4911bb2824d221

    SHA512

    36b4c3f0c4260dd7780acd16d7e67fff42e02427e05b04cee49e6da5c5308f76cf1495f47a97da24ee32e7bc2f74ee8c054fc7986bd59dfef2137115dd2314d9

    Download Submit

  • memory/4300-132-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

    Download

  • memory/4300-134-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

    Download

  • memory/4300-137-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

    Download