Analysis
max time kernel: 129s
max time network: 131s
platform: windows10-1703_x64
resource: win10-20240214-en
resource tags: arch:x64, arch:x86, image:win10-20240214-en, locale:en-us, os:windows10-1703-x64, system
submitted: 19/03/2024, 18:19
Static task: static1
Behavioral task: behavioral1
Sample: nc64.exe
Resource: win10-20240214-en
2 signatures
150 seconds
General
Target: nc64.exe
Size: 44KB
MD5: 523613a7b9dfa398cbd5ebd2dd0f4f38
SHA1: 3e92f697d642d68bb766cc93e3130b36b2da2bab
SHA256: 3e59379f585ebf0becb6b4e06d0fbbf806de28a4bb256e837b4555f1b4245571
SHA512: 2ca42e21ebc26233c3822851d9fc82f950186820e10d3601c92b648415eb720f0e1a3a6d9d296497a3393a939a9424c47b1e5eaedfd864f96e3ab8986f6b35b5
SSDEEP: 768:gaGHu/aKUAvRCXA/e6PfVVCJrxg/KKjMozd6jSemG0nf2Fcc5C+qLaVp:CuSzAvRCxmNVCgi+IjNmDO15C+qLaVp
Score: 1/10
Malware Config
Signatures
- Gathers network information (2 TTPs, 1 IoCs)
  Uses commandline utility to view network configuration.
  pid     Process
  4472    ipconfig.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                         pid     Process    procid_target
  PID 3320 wrote to memory of 4472    3320    cmd.exe    80
  PID 3320 wrote to memory of 4472    3320    cmd.exe    80
  PID 3320 wrote to memory of 1520    3320    cmd.exe    81
  PID 3320 wrote to memory of 1520    3320    cmd.exe    81
Processes
- C:\Users\Admin\AppData\Local\Temp\nc64.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\nc64.exe"
  PID: 164
- C:\Windows\system32\cmd.exe
  Command line: "C:\Windows\system32\cmd.exe"
  PID: 3320
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\system32\ipconfig.exe
    Command line: ipconfig
    PID: 4472
    Signature: Gathers network information
  - C:\Windows\system32\find.exe
    Command line: find "IPv4"
    PID: 1520