Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    85s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/05/2023, 19:42

General

  • Target

    461180b3ab1aded7ac33480bd5cf687a148d916be9a40f13110c43644db9471b.exe

  • Size

    2.7MB

  • MD5

    d2e01a09a292bd4069ad14942a628bf2

  • SHA1

    e32b7249f9e20e7305882bd6221aac0dee7a60c5

  • SHA256

    461180b3ab1aded7ac33480bd5cf687a148d916be9a40f13110c43644db9471b

  • SHA512

    c82b447ef5e5ea6f10188bd082cfae1674e4bb9c17218914b57673eddf042d643d5423a705d0318464a894252cab4f2cf4733660f1800cee00bb8bbcb084c66d

  • SSDEEP

    49152:GRqJZYhFD5YhRkELN3T05OTgR97YF+ed:GRqJZY7aRkELNA5

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\461180b3ab1aded7ac33480bd5cf687a148d916be9a40f13110c43644db9471b.exe
    "C:\Users\Admin\AppData\Local\Temp\461180b3ab1aded7ac33480bd5cf687a148d916be9a40f13110c43644db9471b.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3644
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c tzutil /g
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1392
      • C:\Windows\SysWOW64\tzutil.exe
        tzutil /g
        3⤵
          PID:3160

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3644-133-0x0000000004B50000-0x0000000004C94000-memory.dmp

      Filesize

      1.3MB