Analysis

  • max time kernel
    140s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/03/2024, 16:00

General

  • Target

    c3c49ba1f06fca8a8b0b43c09f02711d.exe

  • Size

    9KB

  • MD5

    c3c49ba1f06fca8a8b0b43c09f02711d

  • SHA1

    9edc8837f7d70828f39744408f9f3158853b0333

  • SHA256

    32c2b7bbc4c7aa1e4c3c4512512bc5e0995c27884f1e484f57a9a9299c8d6dc9

  • SHA512

    2667ff0c67ae09193cad370aa7134e417b150d9347e9a4895fa1151be00d7518a7cae67d616333fe6716c809bdb43b9a17f3de747be5dd46dabc974ecce9694a

  • SSDEEP

    96:r2Q9dAIgfheyX7NY27MqHn2WfnamnQ4LIB/sWn/KPJAmwhhlkqRnKsmMf9ka:JXAFJdq2/faNns0/KPSr+qknCJ

Score
8/10

Malware Config

Signatures

  • Adds policy Run key to start application (2 TTPs, 2 IoCs)
  • UPX packed file (1 IoC)

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\c3c49ba1f06fca8a8b0b43c09f02711d.exe
    "C:\Users\Admin\AppData\Local\Temp\c3c49ba1f06fca8a8b0b43c09f02711d.exe"
    1⤵
    • Adds policy Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\Windows\SysWOW64\ctfmon.exe
      ctfmon.exe
      2⤵
        PID:3016

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2156-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB