Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
173s -
max time network
200s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
26/12/2023, 09:33
General
-
Target
642a3973cd68fb8b154153f51a04a94d.exe
-
Size
778KB
-
MD5
642a3973cd68fb8b154153f51a04a94d
-
SHA1
c4ec5065bdc44de32ca065835f679f211d130566
-
SHA256
21cb27bac2b9299249a508a50586814a56c632088b95baa91b02592d868adbc6
-
SHA512
e757fe455a5d4b83c9edf0b265b56540e42bd24f6c122a0e86028eaa51a8dae804e4bdc90bec70e53f06624c9203fb3a3b9ef27b6a7e16a74b86b6d9d607a7b8
-
SSDEEP
24576:ViFPxWXwq38PUR1y7IncWZrsqo557m7raH:VgPk+UR1PcS6r7z
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\642a3973cd68fb8b154153f51a04a94d.exe"C:\Users\Admin\AppData\Local\Temp\642a3973cd68fb8b154153f51a04a94d.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-DFC0G.tmp\642a3973cd68fb8b154153f51a04a94d.tmp"C:\Users\Admin\AppData\Local\Temp\is-DFC0G.tmp\642a3973cd68fb8b154153f51a04a94d.tmp" /SL5="$13002C,758190,81408,C:\Users\Admin\AppData\Local\Temp\642a3973cd68fb8b154153f51a04a94d.exe"2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
54KB
MD57ac46d465fcc339c548a1d5650deccb0
SHA17bb3b764f5ce0d7e8ec84611e7a4f94c16da96ba
SHA256901136442409b355d2c6eacc8b689419102f17040b2e1a78381159104dfe284b
SHA51253db1cd9f05d17f5df6be4b82e27c2f3506b967b72123b06be6f7e85c64d203abff29fd12d2e62fdf20dccc0b997b9c10238ec54ec77a69a92ff25b54e538715
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
80KB
-
Filesize
80KB