Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
117s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
28/12/2023, 22:14
General
-
Target
fc0f8a6a8bedf2874a3c0d9522d95827.exe
-
Size
444KB
-
MD5
fc0f8a6a8bedf2874a3c0d9522d95827
-
SHA1
1d19d18e3a6d423c2a5cf881a13fd196c38d2bfb
-
SHA256
6fb27fff54580df0e46cd89a61baa101871ddf205f39854482ca8c39125b8ff1
-
SHA512
7ae350ead9b5a75644757e1a6898893d811d8a9fd4524b95086c1e06cc740b91db06d5b3136f57e859dd76f231d97c23420781ee3f168f6585931bb6621c3251
-
SSDEEP
6144:fFrJxvldL4c5ONK1xgWbd1s79+iStZ5nN2LjmsQQ9FFiZyl9UD+W4Aiq61Sp3TUd:Nb4bZudi79LGn0/QGg+l/SxPA
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fc0f8a6a8bedf2874a3c0d9522d95827.exe"C:\Users\Admin\AppData\Local\Temp\fc0f8a6a8bedf2874a3c0d9522d95827.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\8833.tmp"C:\Users\Admin\AppData\Local\Temp\8833.tmp" --helpC:\Users\Admin\AppData\Local\Temp\fc0f8a6a8bedf2874a3c0d9522d95827.exe 68AE5F75C806B930E7ABC850B2E5613FB878CE4C8DF0E92CEBDCB229647D450ECAB70FC72E09E5EEA77306B7B986A9046EFEA7160A244455CD52889803908AF02⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
444KB
MD55c6920699e7bb85e6ee7533291e1b7ac
SHA15df9d7963c77034429d6e30fea11577bb51803ca
SHA256f87deeb168fc965c060da59b18cdc2e7a8d9f1a4634af96eab2723db5c6f0033
SHA5129fe71a3a8925085812e89a3b734be0fbaf52166a7f402d57e50e83b93acfa72cc50a2cd87c368c74fee3cdcdc02afd4f30425e79ead5b2415367e3c5e164a5bb