Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
30/12/2023, 06:47
General
-
Target
116a35b03f3c9c21b71ec4a2a826d9a1.exe
-
Size
137KB
-
MD5
116a35b03f3c9c21b71ec4a2a826d9a1
-
SHA1
31403326491feccc3f341b616decde45751cb208
-
SHA256
6f3ea3468344e32cdd5dc00d0f94040aefaf5604084bb0088e1c76c84fb4a835
-
SHA512
d21e3d2237e465ae063a3f8dbe2370557571c321b0783ccddc8dbc4bb9ce61e4dca8e3e84b73f1dd2eeb51b39b1577b51d52c02254af2fa9491aa3cecb13df3c
-
SSDEEP
3072:KbPN+Vmz91ASZ4L016HxawPQrwmy5MmtiJCMAiTBtPiSfL/U:K7JZJ1Gx9uwmy7g0biTj
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\116a35b03f3c9c21b71ec4a2a826d9a1.exe"C:\Users\Admin\AppData\Local\Temp\116a35b03f3c9c21b71ec4a2a826d9a1.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Fwj..bat" > nul 2> nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
210B
MD501d2bd6c69adfd55a4364d2e0e0029f3
SHA100624a9fb1828b8eb9c444f8c5f38d5f9de11e52
SHA25660351898976e586f844a2b2bf187e3408e5d12aa233f78472bb5fcd57e6fc15e
SHA51287f65e0c1581d66a24ba540a8e4740426f4a370257189336ac18878173a55c768cc50cb25c05267e8988b422a9b02ef99240aea01189f0c27dc3c8bef7d9a093
-
Filesize
188KB
-
Filesize
188KB
-
Filesize
148KB
-
Filesize
148KB