Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
20/03/2023, 19:11
General
-
Target
0f7685475c0912b4e9a794fa8eeff885.exe
-
Size
23KB
-
MD5
0f7685475c0912b4e9a794fa8eeff885
-
SHA1
92ea844bbbd0331df646c3cde3d73b37863df312
-
SHA256
f41ef98c543024f81a9f443613eae6eb09de3c7a310b8794ecc9baec31999ca2
-
SHA512
2c90bf5f13cdbfd33857f1f0d214b8ee537b3fca09fdbdae727eb45db1f97a5c59f738252cceb2d31fa517b7cd25053af8c8e35fe1cdcae3161d52d50961f929
-
SSDEEP
384:X8aLWS0dABLYVq6RxP8MDFF09vK563gRMmJKUv0mRvR6JZlbw8hqIusZzZ3l:sXcwt3tRpcnuW
Score
8/10
Malware Config
Signatures
-
Modifies Windows Firewall 1 TTPs 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 23 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0f7685475c0912b4e9a794fa8eeff885.exe"C:\Users\Admin\AppData\Local\Temp\0f7685475c0912b4e9a794fa8eeff885.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\netsh.exenetsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\0f7685475c0912b4e9a794fa8eeff885.exe" "0f7685475c0912b4e9a794fa8eeff885.exe" ENABLE2⤵
- Modifies Windows Firewall
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
256KB
-
Filesize
256KB