Analysis

  • max time kernel
    142s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/08/2023, 14:12

General

  • Target
    8a40dd0397c97822358d0baf5ecef10a5e62a148d1501a095d2e5a690a5cbbbc.exe
  • Size
    11.7MB
  • MD5
    36fc4ec9eaeb5a5b581c8df72602eb01
  • SHA1
    7e94bb9dfcadad94451fcd00ac026f0d1494899f
  • SHA256
    8a40dd0397c97822358d0baf5ecef10a5e62a148d1501a095d2e5a690a5cbbbc
  • SHA512
    d514646c2ad0919d60171e9be2fd5ce6d5735058b4a52c5de32106010516931d8b119b304ec2ca3c5757c656a8a6f39c40128589b7e853493c379e4e8ee8b683
  • SSDEEP
    196608:9hpnuJC5jcOtHkMcHZv3T356NFLOyomFHKnP:9nnuJC5j7t1c5v3z5QF

Score
8/10

Malware Config

Signatures

  • Modifies Windows Firewall 1 TTPs 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8a40dd0397c97822358d0baf5ecef10a5e62a148d1501a095d2e5a690a5cbbbc.exe
    "C:\Users\Admin\AppData\Local\Temp\8a40dd0397c97822358d0baf5ecef10a5e62a148d1501a095d2e5a690a5cbbbc.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4224
    • C:\Windows\SYSTEM32\netsh.exe
      netsh winsock reset
      2⤵
      PID:2164
    • C:\Windows\SYSTEM32\netsh.exe
      netsh firewall set opmode disable
      2⤵
      • Modifies Windows Firewall
      PID:820

Network

MITRE ATT&CK Enterprise v15