Analysis

  • max time kernel
    146s
  • max time network
    183s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
  • submitted
    04/01/2024, 12:10

General

  • Target

    40d2af967b3afe59eff115b24d1753e5.exe

  • Size

    202KB

  • MD5

    40d2af967b3afe59eff115b24d1753e5

  • SHA1

    2e7b2ab82e199a4be4302091db1b844cd91dd402

  • SHA256

    b04cb415c3d2e04d4671687f3a1f028e6c2e2bd8dccf176db47f15f28e44118d

  • SHA512

    7ce7ed9e2be1db2e45d8950c05797c8fc1007dfa6eaea89aa628a9ea23ce0c7677502f3cd256f9381c31be4ef567bca5286c476e87cccb2409f87090f2a41057

  • SSDEEP

    3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/e8FpwtkaZgxkz:o68i3odBiTl2+TCU/6tkqz

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\40d2af967b3afe59eff115b24d1753e5.exe
    "C:\Users\Admin\AppData\Local\Temp\40d2af967b3afe59eff115b24d1753e5.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4984
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\bugMAKER.bat
      2⤵
        PID:1468

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • memory/4984-5-0x0000000000400000-0x000000000042D000-memory.dmp

      Filesize

      180KB

    • memory/4984-25-0x0000000000400000-0x000000000042D000-memory.dmp

      Filesize

      180KB