Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    122s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10/03/2024, 01:36

General

  • Target

    bd524cae7aa56941e2283ff82346e2f5.exe

  • Size

    1.6MB

  • MD5

    bd524cae7aa56941e2283ff82346e2f5

  • SHA1

    faa70c855a4405fbff04810a0ea4e5b395717f81

  • SHA256

    9ccf9c66e3e161fcf01f96e83d167df57202f15891e221c4a16dc25ca83985a4

  • SHA512

    b48cde98396e1ec9169b8dd5675a39b7a6cef9cdd3e4ebc382da8c9e8fe3f294cb8771f7e121def2f7018a074723b9458aa8a9993461c670ba66d3c757b1d570

  • SSDEEP

    24576:Eb5kSYaLTVl6HaN1p6Tb8sMnZ6aU3CSDr0i7MZx/gBMuUFXeCghXx:Eb5k2L5jwlbtrrr7MDTPOCM

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd524cae7aa56941e2283ff82346e2f5.exe
    "C:\Users\Admin\AppData\Local\Temp\bd524cae7aa56941e2283ff82346e2f5.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:744
    • C:\Windows\system32\cmd.exe
      cmd.exe /C ping 1.1.1.1 -n 1 -w 6000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\bd524cae7aa56941e2283ff82346e2f5.exe"
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:1096
      • C:\Windows\system32\PING.EXE
        ping 1.1.1.1 -n 1 -w 6000
        3⤵
        • Runs ping.exe
        PID:2916

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads