Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
31s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
15/05/2023, 01:32
General
-
Target
87815289b110cf33af8af1decf9ff2e9.exe
-
Size
58KB
-
MD5
87815289b110cf33af8af1decf9ff2e9
-
SHA1
09024f9ec9464f56b7e6c61bdd31d7044bdf4795
-
SHA256
a97ea879e2b51972aa0ba46a19ad4363d876ac035502a2ed2df27db522bc6ac4
-
SHA512
8d9024507fa83f578b375c86f38970177313ec3dd9fae794b6e7f739e84fa047a9ef56bf190f6f131d0c7c5e280e729208848b152b3ca492a54af2b18e70f5dc
-
SSDEEP
768:nfiNar/0i5A9lquoNvU4n7oDBXhVa+3Y/v2pPLo6Gyfu7q3YKdX3jj60dhfp0nQR:cIxKWLvFn43bovQtu7qo43jjRDf4e
Malware Config
Signatures
-
Drops file in Program Files directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\87815289b110cf33af8af1decf9ff2e9.exe"C:\Users\Admin\AppData\Local\Temp\87815289b110cf33af8af1decf9ff2e9.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\wscript.exe"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\88A.tmp\89A.vbs2⤵
- Drops file in Program Files directory
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
383B
MD55f427dc44f33906509423d24fa0590c0
SHA1b896f7667381a594d3751e05f258925b81c231c0
SHA2569aae0707b1d5d3b7ed3bf5cc8fbb530aebd195e3e2f18312f3f7f1aa43e031b4
SHA512bd28c386772062ef945f24c8ad7a25f158856af36e31d2c9b14674cedfd34b4f48ed531cd40a7eb291384d83665ffe154f0786c1a7ee1616256cf30125120961