Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
147s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
23/02/2024, 01:28
General
-
Target
4424853f7705508504929f533afc979d.exe
-
Size
479KB
-
MD5
4424853f7705508504929f533afc979d
-
SHA1
da6a8a8c3cc4c84e40a90f47c9abe70ce3e0bf87
-
SHA256
22a09ca5ac01b6d8c16b36dbc1d89f93a30ab0df007550110e07260c85e1c9ec
-
SHA512
df6750fcd7b574c28e170a9012f3cd65c2a0489cb7d08c55ea2ec11c39ade37b38d1ee15f52bd30f93af536f4863c1dde82953a25e912516b0335011590c1a7a
-
SSDEEP
12288:bO4rfItL8HAy6ykYc3RZKLo7ffHpLZVDsvW8975UO:bO4rQtGALsc3RZKLo73HxIf9VUO
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4424853f7705508504929f533afc979d.exe"C:\Users\Admin\AppData\Local\Temp\4424853f7705508504929f533afc979d.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\75CC.tmp"C:\Users\Admin\AppData\Local\Temp\75CC.tmp" --helpC:\Users\Admin\AppData\Local\Temp\4424853f7705508504929f533afc979d.exe 3DFD90DA031B247BA9A829D93E0B4B2EFCD512AA80FF33FC3C18A900987BAF5100D25B77435A718DA7BFDEE748B37E4F8FBC9B39AD6E66EACCFC674178AC4C342⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
479KB
MD5547a5b67eabc415769df43b56a06a414
SHA18422c1c9fb9e4495a49a814a36708b22e1dc27ad
SHA256a20e674e8ef4859a6ba27c7f38f1df24289f929edeb70ccefaf88713ff75088c
SHA51206301f03c80dae1610baaf3cea195286f3fda4dd49983bd5e506786deecba6a2e2407926ecab6c206305450d52340acf92b3f4d51a91c8cde6c29a154eaab3b3