Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

Quarantine.exe

windows7-x64

1

Quarantine.exe

windows10-2004-x64

1

Resubmissions

19/02/2024, 20:09

240219-yxk73acc2v 6

19/02/2024, 20:09

240219-yw5v3scb9t 3

Analysis

  • max time kernel
    21s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19/02/2024, 20:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Quarantine.exe

  • Size

    158KB

  • MD5

    d72dfb79a9fa73dd4c514c61ea459e0a

  • SHA1

    e6e1d03bf41eca58812bf206e7a1c225ea742dad

  • SHA256

    5d0ee5f845eaa035d53514e4435c33deec179230ee95cad356f5f4a824c08108

  • SHA512

    a5d7bdb91434a2be030e9c2141c72f83acd5442f18166effd1e554a0435e67a58a2101fd07b6e75d3bc3aec45e387aa8b3cec84bcefbe182c746780198b9e731

  • SSDEEP

    3072:JB/umH8RI2mBPX42UeGwiiiiih6666J66666eB2yUii9iiFPckuony:JlZ2qiiiiih6666J66666ekyUii9iiED

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
    "C:\Users\Admin\AppData\Local\Temp\Quarantine.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2288
    • C:\Windows\system32\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\94C1.tmp\Quarantine.bat""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2844
      • C:\Windows\system32\mode.com
        mode con lines=20 cols=70
        3⤵
          PID:2536

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\94C1.tmp\Quarantine.bat
      Filesize

      7KB

      MD5

      812fdbe81c5c1bef538abbc22c424241

      SHA1

      ace7e3c826d2980a917e26be7f3d88dd3da7c52f

      SHA256

      7c06bc80151fb6d3515090c6a85ddf2006d50412699d37135f9f54a479fbede2

      SHA512

      68eb61e01ef91831f1a32a837b88728014d3ddc0c26fdac5a3bb6f1bcc36a73095447bc1ea1f6c1fb2b7d72f225ad41b29cb72fd39245afdb508d88f82dacba7

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\94C1.tmp\ps4rcc1.py
      Filesize

      367B

      MD5

      0e3e88f33e83dcbcfb19e070c55681ad

      SHA1

      b841ba4d987fd83621a2a8341b3eb55cd4784451

      SHA256

      b5c78fba035dd7534a410363e090b474435ff58ceda96cdedb880fdd427f36a9

      SHA512

      1a479561a9f9b9dbe9d72f26059af4c9ee002ae822931d8b270592a16c9fb5662771f6a3d87d4098738d496c48c853cdabfe8298f9f63a1f1d9e425c6a6a59f4

      Download Submit