Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
10/03/2024, 07:00
General
-
Target
bdf852ec05009c4f80414ad63169ace6.exe
-
Size
542KB
-
MD5
bdf852ec05009c4f80414ad63169ace6
-
SHA1
f5980cdc0763209cb6c941f1e2a1aa7db8043199
-
SHA256
bebae75f3bd53bc1286bddb1c59d43321c381fe63093900fd1a28362d3cf1a34
-
SHA512
29000849b85b316de82387ba8935c28b236d82b60f7d9c6c41af45d9b7cebc88a29721a145bb01cfa897484a767402973b6d626eadf5ac9dcfd48eb0fc7905a2
-
SSDEEP
12288:Ie6cPBhTwXIMbK1R7d8IiTvSGT8gtFRHHkX+pd167QhEX+zQ:IJQTwYMb6dqIiLSGbFNkE6EhTQ
Score
10/10
Malware Config
Signatures
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage 1 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
-
Program crash 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bdf852ec05009c4f80414ad63169ace6.exe"C:\Users\Admin\AppData\Local\Temp\bdf852ec05009c4f80414ad63169ace6.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 1402⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2620 -ip 26201⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
930KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
930KB