Analysis
- max time kernel: 141s
- max time network: 34s
- platform: windows7_x64
- resource: win7-20230703-en
- resource tags: arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
- submitted: 04/07/2023, 20:22
Static task: static1
Behavioral task: behavioral1
- Sample: challange_Benign_368f69524598cf84847b4aa579144294c896b7b1c0456eb0b1d7a9fefad765a3.exe
- Resource: win7-20230703-en
Behavioral task: behavioral2
- Sample: challange_Benign_368f69524598cf84847b4aa579144294c896b7b1c0456eb0b1d7a9fefad765a3.exe
- Resource: win10v2004-20230703-en
General
- Target: challange_Benign_368f69524598cf84847b4aa579144294c896b7b1c0456eb0b1d7a9fefad765a3.exe
- Size: 60KB
- MD5: 87c46b9993cf73b6953a6acc779ad213
- SHA1: 99861ff57c3ede8a9bd2d9efb16971f1b8aec5f3
- SHA256: 368f69524598cf84847b4aa579144294c896b7b1c0456eb0b1d7a9fefad765a3
- SHA512: 86843b10e2aa9a49218769ad47d1be3725ae5943784785ddf36c8f890df13862a4fca302f4b10e97a92d0a34f678298696a0dc5f9e6681b906040317587acd11
- SSDEEP: 1536:DwpW9UaDLSvuQUE6UR8wiSSgOkfl6LqCgq3:iW9UaDuvlwUeKSgrMLqCgq3
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (4 IoCs)

description | pid | Process | procid_target
PID 824 wrote to memory of 1068 | 824 | challange_Benign_368f69524598cf84847b4aa579144294c896b7b1c0456eb0b1d7a9fefad765a3.exe | 29
PID 824 wrote to memory of 1068 | 824 | challange_Benign_368f69524598cf84847b4aa579144294c896b7b1c0456eb0b1d7a9fefad765a3.exe | 29
PID 824 wrote to memory of 1068 | 824 | challange_Benign_368f69524598cf84847b4aa579144294c896b7b1c0456eb0b1d7a9fefad765a3.exe | 29
PID 824 wrote to memory of 1068 | 824 | challange_Benign_368f69524598cf84847b4aa579144294c896b7b1c0456eb0b1d7a9fefad765a3.exe | 29
Processes
- C:\Users\Admin\AppData\Local\Temp\challange_Benign_368f69524598cf84847b4aa579144294c896b7b1c0456eb0b1d7a9fefad765a3.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\challange_Benign_368f69524598cf84847b4aa579144294c896b7b1c0456eb0b1d7a9fefad765a3.exe"
  PID: 824
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\cmd.exe
    Command line: cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bt82248.bat "C:\Users\Admin\AppData\Local\Temp\challange_Benign_368f69524598cf84847b4aa579144294c896b7b1c0456eb0b1d7a9fefad765a3.exe"
    PID: 1068
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 432B
- MD5: bc87bb148aa59dbb65056f7b9c1aa569
- SHA1: 71c7aa6fc9663eaa70ab7754a9f21c0f01df7847
- SHA256: c46c78dc715e694de546e5855d1e22afcc5dbc015fe5eb32bb404dc6b5f0c887
- SHA512: 72129b9925538c71e1d91f310796f68044bad655e8cf38ca094169f9fa9e5fb66f1d28ee804b139ca0a7f79e9ae7a7e9dd1638dab46419cec2eb6ebf49a2825f