Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
140s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
25/12/2023, 08:14
General
-
Target
115262c95fca255228729fb13b1c06fb.exe
-
Size
110KB
-
MD5
115262c95fca255228729fb13b1c06fb
-
SHA1
9ba6a1df4c7faf6547b931c9e43852e70c372ec7
-
SHA256
77f9b0c7e54abbcfdc08c48cfa35cc2fb3ed66f24ad5b694942f92f8d56dc84c
-
SHA512
22dde974fe3c94ba52b72e5c5041134efbf31fe6a8e407f5c78540b27745f1ce1a7aab48e3a3fbeb85f09b863334b4c5f99307a471835dbbbb26e912c6b124d5
-
SSDEEP
3072:WNyah0mJ8VNVoRtmzUw06VyTBQNmHqfILEST:WwPVNi6h0NdQNHfLw
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 8 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 14 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\115262c95fca255228729fb13b1c06fb.exe"C:\Users\Admin\AppData\Local\Temp\115262c95fca255228729fb13b1c06fb.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\matrix322614.exeC:\Users\Admin\AppData\Local\Temp\matrix322614.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 2523⤵
- Loads dropped DLL
- Program crash
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64KB
MD52e6ee751c89a44282b0f6e51c2169dc3
SHA15d4ecc7cfbec5822860ea466abd80859247ac6f0
SHA2564e259443072290d6c71add18e03199f4c4ba26a351d74f505cdb64f83507688e
SHA5126b3cbd805648202cd6f6b44c8286e8257b20f0d9fd28b84e96e54a434ffc5c3e0e5a961c0548016a3450a39d40da45eb2a49483658f1cc558e0cbe4f01575cd3
-
Filesize
92KB