Resubmissions

19/03/2024, 05:16

240319-fyb2nsbd8s 3

19/03/2024, 02:16

240319-cp6yxafd9z 6

Analysis

  • max time kernel
    131s
  • max time network
    203s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
  • submitted
    19/03/2024, 05:16

General

  • Target

    22891453.exe

  • Size

    74KB

  • MD5

    0b3b9eaf06832cb9c5b5252e20bf6398

  • SHA1

    61929eba0bca5476ec54231988ffdc5531ace2ef

  • SHA256

    439202c41928e352f46c1181b40758485b93b87e0b007ffeb05da30dfe5399b7

  • SHA512

    b30c855ff47f2cc8fe754563596217c8a396ac2e1abe614b353c0e00de065febdd1b25fca53e9e040c3d4479d274b125339e27eb88920b4c20c41c6627a5d2b3

  • SSDEEP

    1536:lGQXlk2qxJZKBViNqupsu8w1duOoWsFxQJVsWN5mcdam1lSe9I:lAZKBVCFVp1duLWgwV5Ham1lSeK

Score
1/10

Malware Config

Signatures

  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\22891453.exe
    "C:\Users\Admin\AppData\Local\Temp\22891453.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2240
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c "ipconfig /all"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2960
      • C:\Windows\SysWOW64\ipconfig.exe
        ipconfig /all
        3⤵
        • Gathers network information
        PID:1536

Network

MITRE ATT&CK Enterprise v15
