Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    127s
  • max time network
    131s
  • platform
    windows10-1703_x64
  • resource
    win10-20230915-en
  • resource tags

    arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
  • submitted
    01/10/2023, 08:31

General

  • Target

    adde0fe197cbcf5a861e20c85e38b825e769896a256a08995f79a1ed8e9f8341.exe

  • Size

    255KB

  • MD5

    8dfade55087b4f6c8fe6d0f42d3877ba

  • SHA1

    207413c66136fb0c19bf6c4c66714e07627d9eb1

  • SHA256

    adde0fe197cbcf5a861e20c85e38b825e769896a256a08995f79a1ed8e9f8341

  • SHA512

    5cc857a948a83397f13b8ef274420569fcdb5b1f92be08efa54a4a68220cd305896331da54c8fe2bbc7d808950b5d523be4749bc9fa35db095feeb5c9a7fdf94

  • SSDEEP

    3072:tNu8Yv1D41ClAAaQ4reOVoPugLrkvjtGQyXg/2hWscLp0rBEd6l5/pwMUn3Y:TMoCJ4Do6jwYsQpmBRuM

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Kills process with taskkill 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\adde0fe197cbcf5a861e20c85e38b825e769896a256a08995f79a1ed8e9f8341.exe
    "C:\Users\Admin\AppData\Local\Temp\adde0fe197cbcf5a861e20c85e38b825e769896a256a08995f79a1ed8e9f8341.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5080
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c taskkill /im "adde0fe197cbcf5a861e20c85e38b825e769896a256a08995f79a1ed8e9f8341.exe" /f & erase "C:\Users\Admin\AppData\Local\Temp\adde0fe197cbcf5a861e20c85e38b825e769896a256a08995f79a1ed8e9f8341.exe" & exit
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2520
      • C:\Windows\SysWOW64\taskkill.exe
        taskkill /im "adde0fe197cbcf5a861e20c85e38b825e769896a256a08995f79a1ed8e9f8341.exe" /f
        3⤵
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:4664

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/5080-0-0x0000000002070000-0x0000000002094000-memory.dmp

    Filesize

    144KB

  • memory/5080-1-0x00000000020A0000-0x00000000020DE000-memory.dmp

    Filesize

    248KB

  • memory/5080-2-0x0000000000400000-0x000000000044D000-memory.dmp

    Filesize

    308KB

  • memory/5080-7-0x0000000000400000-0x000000000044D000-memory.dmp

    Filesize

    308KB

  • memory/5080-8-0x00000000020A0000-0x00000000020DE000-memory.dmp

    Filesize

    248KB

  • memory/5080-9-0x0000000002070000-0x0000000002094000-memory.dmp

    Filesize

    144KB