Analysis
max time kernel: 153s
max time network: 161s
platform: windows10-2004_x64
resource: win10v2004-20230915-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/10/2023, 23:12
Static task
static1
1 signatures

Behavioral task
behavioral1
Sample: HackExternal.exe
Resource: win7-20230831-en
2 signatures
150 seconds

Behavioral task
behavioral2
Sample: HackExternal.exe
Resource: win10v2004-20230915-en
2 signatures
150 seconds
General
Target: HackExternal.exe
Size: 391KB
MD5: 26910d2402b7c193f43f5070f4c5583d
SHA1: e8834552c969bff5172c9b134a113585026cc32a
SHA256: 75426e672b3356ed98af0b336345f4acd3f2ddf32c2997372f7cf318d7097eee
SHA512: b6691ddd594de66723eb82ebc071de4609a146723ba6a8fb206e0b43a845ff20746b8461711f552708636f3fcdfc39a82b99f3cfef3b9da7e6830c3e55ac4646
SSDEEP: 12288:/SZvrw6MnQYqA1Bsci8weHKbH2nb2LMDb:/S5w6MnGcBs2xKbH2nywD
Score: 1/10
Malware Config
Signatures

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  1756  HackExternal.exe
  1756  HackExternal.exe

Suspicious use of WriteProcessMemory (2 IoCs)
  description                       pid   Process           procid_target
  PID 1756 wrote to memory of 1664  1756  HackExternal.exe  87
  PID 1756 wrote to memory of 1664  1756  HackExternal.exe  87
Processes

C:\Users\Admin\AppData\Local\Temp\HackExternal.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\HackExternal.exe"
  PID: 1756
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory

  C:\Windows\system32\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /c kdmapper.exe driver.sys
    PID: 1664