Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
30/12/2023, 03:27
General
-
Target
0cef008dd1a97bd1c1215cdadfb6be3a.exe
-
Size
47KB
-
MD5
0cef008dd1a97bd1c1215cdadfb6be3a
-
SHA1
0c5704c392d34220b9788110627cc55afcc9c33f
-
SHA256
2602572a4796a821b4e34c006db92a38b8de312e5c2f447a9a11b2061fd24101
-
SHA512
94e29ae15ff3eb07770743dfcc3f5cf55122c22bce61d6b1c747304d6893231614f40af2cee05c0d07717f60a989416986f066701badd4f568da158c7dbf0ab6
-
SSDEEP
768:3gdS9lYkqLiul1LroiVUcfS3hufoqHd7ypJtk13:3gdCeLiq1LhVUw+YfZdiJe
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0cef008dd1a97bd1c1215cdadfb6be3a.exe"C:\Users\Admin\AppData\Local\Temp\0cef008dd1a97bd1c1215cdadfb6be3a.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\wrqlmnut\wtajyjir.exeC:\ProgramData\wrqlmnut\wtajyjir.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exe/c del /f C:\Users\Admin\AppData\Local\Temp\0CEF00~1.EXE.bak >> NUL2⤵
- Deletes itself
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
47KB
MD50cef008dd1a97bd1c1215cdadfb6be3a
SHA10c5704c392d34220b9788110627cc55afcc9c33f
SHA2562602572a4796a821b4e34c006db92a38b8de312e5c2f447a9a11b2061fd24101
SHA51294e29ae15ff3eb07770743dfcc3f5cf55122c22bce61d6b1c747304d6893231614f40af2cee05c0d07717f60a989416986f066701badd4f568da158c7dbf0ab6