Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
85s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20230221-en -
resource tags
-
submitted
08/05/2023, 19:42
General
-
Target
461180b3ab1aded7ac33480bd5cf687a148d916be9a40f13110c43644db9471b.exe
-
Size
2.7MB
-
MD5
d2e01a09a292bd4069ad14942a628bf2
-
SHA1
e32b7249f9e20e7305882bd6221aac0dee7a60c5
-
SHA256
461180b3ab1aded7ac33480bd5cf687a148d916be9a40f13110c43644db9471b
-
SHA512
c82b447ef5e5ea6f10188bd082cfae1674e4bb9c17218914b57673eddf042d643d5423a705d0318464a894252cab4f2cf4733660f1800cee00bb8bbcb084c66d
-
SSDEEP
49152:GRqJZYhFD5YhRkELN3T05OTgR97YF+ed:GRqJZY7aRkELNA5
Score
6/10
Malware Config
Signatures
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\461180b3ab1aded7ac33480bd5cf687a148d916be9a40f13110c43644db9471b.exe"C:\Users\Admin\AppData\Local\Temp\461180b3ab1aded7ac33480bd5cf687a148d916be9a40f13110c43644db9471b.exe"1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c tzutil /g2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\tzutil.exetzutil /g3⤵
-
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.3MB