Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
4s -
max time network
73s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
30/12/2023, 06:55
General
-
Target
118d86b920ddede209c8a392c421b5c8.exe
-
Size
431KB
-
MD5
118d86b920ddede209c8a392c421b5c8
-
SHA1
fae1ae00917482590124a51110d82cf727616e30
-
SHA256
bfa99f0fbc0f753f72c6aef9681b164eff199a9e97250de83d224ff365948c94
-
SHA512
dd5830b2e1d9eb7eea6b6e85d1bafe7cc2a1ea5343622e5281eab59e5f2f83b1dc480c1469b163089bcdc6a6867ac75be7705db45b2d792378012d392dcfe7a0
-
SSDEEP
6144:Ls41n3WVQKGLr30b/Lhhjv6C5zMt6UuR+eNjV/01dXIOrUTF3mm0/2uVP8CnUys0:N1nNKg30b/dvhi+y1G5d0hnUy0ZS9
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\118d86b920ddede209c8a392c421b5c8.exe"C:\Users\Admin\AppData\Local\Temp\118d86b920ddede209c8a392c421b5c8.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\nsn4EDD.tmp\APNStub.exe"C:\Users\Admin\AppData\Local\Temp\nsn4EDD.tmp\APNStub.exe" /tb=BDE2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92KB
MD5a0171a65c42762d21543c66b5c283ba9
SHA11926a68a6e5ff58859b70df31a19aa3c2b10871b
SHA256aa20bae7a9c6e9bcb32533b4a428cfe08032d91f0b2fe6d585e80cf71bc464b2
SHA512523806c476a359c3417d55c9d37bffcfb2f084527ab86936bd2be46cccc8973dcf1aaa1d095da3f3f93d9dcfe63c5d359eaacb61d0fab8e6cfe3b196cfead7f2