Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    142s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 00:51

General

  • Target

    0920113eb017459cc13ced85b986e6fb.exe

  • Size

    488KB

  • MD5

    0920113eb017459cc13ced85b986e6fb

  • SHA1

    92be36f319cdcb568040ac3d862eef3c8da7dc3d

  • SHA256

    809bc3a0b665d5f765bb4469c1a5e1c18ca47ef4462fb5107526f75d679b6911

  • SHA512

    b2d339e8bd3b67add8f1a1934aed829783ffee40d029f1c20e57dd9add162709d9667131440df0b2c8426b1339744fbf3a5e93cdaefc840f9063de4f3b71f994

  • SSDEEP

    12288:FytbV3kSoXaLnToslfkwgvOnN2hyGx/AE3WdIra0:Eb5kSYaLTVlfRNMysNWia0

Score
1/10

Malware Config

Signatures

  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0920113eb017459cc13ced85b986e6fb.exe
    "C:\Users\Admin\AppData\Local\Temp\0920113eb017459cc13ced85b986e6fb.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3468
    • C:\Windows\SYSTEM32\cmd.exe
      cmd.exe /C ping 1.1.1.1 -n 1 -w 6000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\0920113eb017459cc13ced85b986e6fb.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:408
      • C:\Windows\system32\PING.EXE
        ping 1.1.1.1 -n 1 -w 6000
        3⤵
        • Runs ping.exe
        PID:1660

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads