Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
147s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
25/02/2024, 02:48
General
-
Target
949bc47770d75628e9890b4c3a58348a.exe
-
Size
479KB
-
MD5
949bc47770d75628e9890b4c3a58348a
-
SHA1
a702c82a2ec2e90a6fcbe18b846fc1ca4b675c34
-
SHA256
f7d3fdd54060e8ba9e444da46cc981c55193d8ed676c6374a84d408b7a789e4b
-
SHA512
56eda7cbe81ed260241d6da5f003e37ac1b991222b4146fabbd681147d364f14fd174a3e8cfc6ce1ce5818c8687420fdaf30ebde76edef40e40d06d069eb4925
-
SSDEEP
12288:bO4rfItL8HAHRGcOJSdgG30It/cRm975UO:bO4rQtGAH4DrG/co9VUO
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\949bc47770d75628e9890b4c3a58348a.exe"C:\Users\Admin\AppData\Local\Temp\949bc47770d75628e9890b4c3a58348a.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\5B6E.tmp"C:\Users\Admin\AppData\Local\Temp\5B6E.tmp" --helpC:\Users\Admin\AppData\Local\Temp\949bc47770d75628e9890b4c3a58348a.exe D56C8418F57ED9C1375991AA8C78BBB031476275BFD8C4B63A14261D4168998A26E4A0C36436A6231B398816FCCA4A7A635BEAEE93F47025D0E3A1DD30A572C92⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
479KB
MD5edec6ca91db49bec13bdafd46f4412a1
SHA1d2702340433b32a817282712ddbb8efb9c4ae98e
SHA256d07ee307243b467b9d802843106e91669bade9a9b1861633031235c38bfb3c90
SHA512b0744a7fb2491df579ed61067c3d4c6895ebe0d4dbd5a107b39d54cfd499e92ee4a33a8a76dd569d4943539c3aba960ceb82c67333d617b45a92aad22611ad8f