Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
26/03/2024, 04:06
General
-
Target
ca85dead9e5b5c78bde999418cb1a3c6.exe
-
Size
435KB
-
MD5
ca85dead9e5b5c78bde999418cb1a3c6
-
SHA1
a2a80324723a749fea9277d998be6a96b710b9d7
-
SHA256
fecbcf9a27d17ff8490e12eb78a2afb23ed4bfe77b03c0a1637c390f26345342
-
SHA512
cf0335c98b11f83fde646edeef3d97b2b4e29cc97386c84fd53d831de49beb4d4eb39baa460be7fef934ca8944ae713fc43c6d6edbe62dcd100eb89d88d8211f
-
SSDEEP
12288:NW48Uekie0ghBNOZRmgWqlSuOO2pyOVfG14HWaSA:NW48Uekie/BN6RmXdu4QOVfG1GWa
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ca85dead9e5b5c78bde999418cb1a3c6.exe"C:\Users\Admin\AppData\Local\Temp\ca85dead9e5b5c78bde999418cb1a3c6.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4546.tmp"C:\Users\Admin\AppData\Local\Temp\4546.tmp" --helpC:\Users\Admin\AppData\Local\Temp\ca85dead9e5b5c78bde999418cb1a3c6.exe 0140852C59E990259FBDA2E06D8006D33CA2BB38D865477A2FBAD89EA806A7DE7E96C66B273A742501A92BDBBC24A8C5A1C0B8C85FD905206365ED92BF213E3D2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
435KB
MD5989f38bba9241cc68d502101c1ecacfb
SHA1fdecaf2a93f2c48b8b9ec57de3febd2462526870
SHA2567d5f472599592a50cb837f33701288fb46b36c9dcba0c84b5069ff4a128c4cab
SHA512b0c591cdf9e2f1d7eed20d80e484805ffd148bd7b06dc9a4bd0601486c77bfc17ec7a2e59ef8b9978fe5c1a800d2ca4cc7dc1c8662054daa5555e3776771802a