Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
146s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
28/12/2023, 22:14
General
-
Target
fc0f8a6a8bedf2874a3c0d9522d95827.exe
-
Size
444KB
-
MD5
fc0f8a6a8bedf2874a3c0d9522d95827
-
SHA1
1d19d18e3a6d423c2a5cf881a13fd196c38d2bfb
-
SHA256
6fb27fff54580df0e46cd89a61baa101871ddf205f39854482ca8c39125b8ff1
-
SHA512
7ae350ead9b5a75644757e1a6898893d811d8a9fd4524b95086c1e06cc740b91db06d5b3136f57e859dd76f231d97c23420781ee3f168f6585931bb6621c3251
-
SSDEEP
6144:fFrJxvldL4c5ONK1xgWbd1s79+iStZ5nN2LjmsQQ9FFiZyl9UD+W4Aiq61Sp3TUd:Nb4bZudi79LGn0/QGg+l/SxPA
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fc0f8a6a8bedf2874a3c0d9522d95827.exe"C:\Users\Admin\AppData\Local\Temp\fc0f8a6a8bedf2874a3c0d9522d95827.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4873.tmp"C:\Users\Admin\AppData\Local\Temp\4873.tmp" --helpC:\Users\Admin\AppData\Local\Temp\fc0f8a6a8bedf2874a3c0d9522d95827.exe 53B790A8E9F74D998CBAD1064BC556071E3EA677B0DBD0646C1961A0889D79E3E756E7F6ECD0B52D6BAAFF976951239F7A5C8063A811DD5C87541B5D00F2C9D02⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
444KB
MD5973c1cce2a6ee4a2fb2b3f1997935e73
SHA16fc1d0c7c95cca154da2dd54a2de0a2a95d08c36
SHA256ca25f7a913186b5cf6ad9fcdf3252305615192836bfddf4f41f03863bc0af39d
SHA512a8e9b03654b9d9f2fc3d6a439bab92795c48d5b529ebaf8562f7780721ce822138866fc3d653a0eeeceb8bb2e4b473b9df049c12b27710517190974baa0dd5b0