Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
147s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
30/12/2023, 23:08
General
-
Target
1f774e6463e3130389ba2b69c95e597a.exe
-
Size
1.0MB
-
MD5
1f774e6463e3130389ba2b69c95e597a
-
SHA1
7ed859ef94dfb64bd4605dd72ef7e73cd7f66d35
-
SHA256
bedac3118d59b43e8479c416de7c5a7792562ec9163ce844930587dbe3b4b4ba
-
SHA512
3be45c9f8c99aa62d805f66ba1a4c0b757c735308883f8ad57f4fbb3ba565e6656ec60c652032991138d3b2a58d6c7cdcc3d04fe6206fdb03bc929055671480c
-
SSDEEP
12288:rbpHYUKy5U1bo9t8DMRSW9vbciUiLuAvOxMt11i27QitjF9:r5sJo6YrFUiyAak11LtjF9
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
UPX packed file 5 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
-
Drops file in Windows directory 4 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1f774e6463e3130389ba2b69c95e597a.exe"C:\Users\Admin\AppData\Local\Temp\1f774e6463e3130389ba2b69c95e597a.exe"1⤵
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
\??\c:\Windows\svchest425075242507520.exec:\Windows\svchest425075242507520.exe2⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB