Analysis

  • max time kernel
    138s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
  • submitted
    30/12/2023, 21:22

General

  • Target

    1cd68275af3e896c65c5c7ff3e66b0c4.exe

  • Size

    57KB

  • MD5

    1cd68275af3e896c65c5c7ff3e66b0c4

  • SHA1

    aa8640a7051bafa8705aefa2b5ae0d1314f0f372

  • SHA256

    48a3f6109a55c4227a22bf617b17994618ceb470bb515b1fdcafc6f66a33736c

  • SHA512

    2ed1ac6608f35e3876a785b1c8b846801122ecc14ebff4ce9ded1039f7a88990d2e47ef1b4f57b1abe8e40183e3927dfcb66b06b4eba811084e8ebcb09f31cf4

  • SSDEEP

    768:vCru/f9Iw/E6zy4n8uZ5tUXMJ+fROUmELY2glEbM3j+rd+fpRiTWNReOOe:71Tzy48untU8fOMEI3jyYfPiuOe

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1cd68275af3e896c65c5c7ff3e66b0c4.exe
    "C:\Users\Admin\AppData\Local\Temp\1cd68275af3e896c65c5c7ff3e66b0c4.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3180
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\43DF.tmp\1.bat" "C:\Users\Admin\AppData\Local\Temp\1cd68275af3e896c65c5c7ff3e66b0c4.exe""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1960
      • C:\Windows\SysWOW64\iexpress.exe
        iexpress /n /q /m C:\Users\Admin\AppData\Local\Temp\popup.sed
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3112
        • C:\Windows\SysWOW64\makecab.exe
          C:\Windows\SysWOW64\makecab.exe /f "~%TargetName%.DDF"
          4⤵
            PID:4360

    Network

    MITRE ATT&CK Matrix
