Analysis
max time kernel: 144s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/02/2024, 18:40
Static task: static1 (1 signature)
Behavioral task: behavioral1
  Sample: filename.exe
  Resource: win7-20231215-en
  1 signature, 150 seconds
Behavioral task: behavioral2
  Sample: filename.exe
  Resource: win10v2004-20231215-en
  5 signatures, 150 seconds
General
Target: filename.exe
Size: 1.4MB
MD5: 1db34920c3ae3eb8560695f89e92d930
SHA1: 531fea122037a7b503e0fcb42aa24382a9631ac8
SHA256: 569cf3de44279490ab8fe47d78ace6d5cbd6e6413be9d14316d31338eef12bdd
SHA512: b311b876c06e8d056a06991a8ebbcfd56c47a0b5d72e5f6ac94a20546f5c7bb857b143d22a09649e630d2474dfe8b7c9115b102443fe12910969f55178a74336
SSDEEP: 24576:y0/wpWGxRsnyM3LF+0mlBnjs60nEisX1N9rm1Jo/13JQyjLc22dEaY7Unbya87CJ://wn0x3LFfmHnIZE9rm1Ji3hLc22dEa3
Score: 5/10
Malware Config
Signatures
Suspicious use of SetThreadContext (1 IoC)
  description: PID 1976 set thread context of 1092 | pid: 1976 | Process: filename.exe | procid_target: 90
Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid: 1976 | Process: filename.exe (64 identical entries)
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid: 1976 | Process: filename.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (1 IoC)
  pid: 1976 | Process: filename.exe
Suspicious use of WriteProcessMemory (8 IoCs)
  description: PID 1976 wrote to memory of 1092 | pid: 1976 | Process: filename.exe | procid_target: 90 (8 identical entries)
Processes
1. C:\Users\Admin\AppData\Local\Temp\filename.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\filename.exe"
   PID: 1976
   - Suspicious use of SetThreadContext
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious behavior: GetForegroundWindowSpam
   - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\ctfmon.exe
      command line: "C:\Windows\SysWOW64\ctfmon.exe -p 1234"
      PID: 1092
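The two signature rows worth correlating are the eight WriteProcessMemory events and the single SetThreadContext event, both from PID 1976 (filename.exe) into PID 1092, and the process tree shows 1092 is a ctfmon.exe child that 1976 itself spawned from SysWOW64. Writing into a freshly created child and then resetting one of its thread contexts is the core of classic process hollowing; the report does not record the suspended-creation flag or a ResumeThread, so that is an inference, not something the sandbox states. The following script is an added example, not Triage's own code: it parses the flattened IoC rows exactly as they appear on this page (the regex for that row layout is an assumption), joins them with a hand-built copy of the process tree, and emits a finding only when write, set-context, and parent/child relationship all line up.

```python
import re
from collections import defaultdict

# Constructed sample input: the IoC rows of this report's "Suspicious use of
# SetThreadContext" and "Suspicious use of WriteProcessMemory" signatures, in the
# flattened "PID <pid> <action> <target> <pid> <process> <procid_target>" form
# the extracted page shows.
SAMPLE_ROWS = [
    "PID 1976 set thread context of 1092 1976 filename.exe 90",
] + ["PID 1976 wrote to memory of 1092 1976 filename.exe 90"] * 8

# Constructed from the "Processes" tree: pid -> (image path, parent pid).
SAMPLE_TREE = {
    1976: (r"C:\Users\Admin\AppData\Local\Temp\filename.exe", None),
    1092: (r"C:\Windows\SysWOW64\ctfmon.exe", 1976),
}

# Assumed row layout (matches the rows above; not a documented Triage format).
ROW_RE = re.compile(
    r"^PID (?P<pid>\d+) (?P<action>wrote to memory of|set thread context of) "
    r"(?P<target>\d+) \d+ (?P<process>\S+) (?P<procid_target>\d+)$"
)


def parse_rows(rows):
    """Turn flattened IoC rows into events; an unrecognised row raises instead of
    being silently dropped, so a change in the report layout is noticed."""
    events = []
    for row in rows:
        m = ROW_RE.match(row.strip())
        if m is None:
            raise ValueError(f"unrecognised IoC row: {row!r}")
        events.append({
            "pid": int(m["pid"]),
            "target": int(m["target"]),
            "action": "write" if m["action"].startswith("wrote") else "setctx",
            "process": m["process"],
        })
    return events


def find_hollowing_candidates(events, tree):
    """Return one finding per (source, target) pair where the source both wrote
    into the target and reset a thread context in it, and the target is a direct
    child of the source.  That is the write/set-context core of classic process
    hollowing (create child suspended, overwrite its image, point the main
    thread at the new entry, resume).  The sandbox rows do not record the
    suspended flag or ResumeThread, so the result is a candidate, not proof."""
    counts = defaultdict(lambda: {"write": 0, "setctx": 0})
    for e in events:
        counts[(e["pid"], e["target"])][e["action"]] += 1

    findings = []
    for (src, dst), c in sorted(counts.items()):
        if c["write"] == 0 or c["setctx"] == 0:
            continue
        dst_image, dst_parent = tree.get(dst, ("<unknown>", None))
        if dst_parent != src:
            # Injection into a process the source did not create is a different
            # (remote-injection) pattern; keep it out of this finding type.
            continue
        src_image = tree.get(src, ("<unknown>", None))[0]
        findings.append({
            "source": src,
            "target": dst,
            "source_image": src_image,
            "target_image": dst_image,
            "writes": c["write"],
            "setctx": c["setctx"],
            # A child living under C:\Windows is the usual decoy: a trusted
            # Microsoft binary whose in-memory image gets replaced.
            "os_path_target": dst_image.lower().startswith("c:\\windows\\"),
        })
    return findings


if __name__ == "__main__":
    for f in find_hollowing_candidates(parse_rows(SAMPLE_ROWS), SAMPLE_TREE):
        print(f"{f['source_image']} (pid {f['source']}) -> "
              f"{f['target_image']} (pid {f['target']}): "
              f"{f['writes']} writes, {f['setctx']} SetThreadContext")
```

On this report the script yields exactly one candidate, filename.exe (1976) into ctfmon.exe (1092) with 8 writes and 1 SetThreadContext. The parent check matters: the same write/set-context pair against a process the sample did not create would be remote injection rather than hollowing, and a finding without the SetThreadContext half is just memory writes, which on their own are too common to alert on.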