General
- Target: proecess_tweak.exe
- Size: 152KB
- Sample: 240406-sjr6kadf37
- MD5: 405e17f3d0148a762938a52155cceec3
- SHA1: a01e3615c65caf0349302176f8fe06c0287220ff
- SHA256: 6047361195df841490029d548ec39d414f6df48d1f0b1bbfb8bf0c7a697fff5a
- SHA512: 3dda3321d16132bd8ad3299b37d1331eeb69acb402168ec3be9fcab787ad49adb253f1744b27ac24380d3a5bb9fbad8a8e37fc02b3bc509972447d18f080da3d
- SSDEEP: 3072:ovGyYiSDnt1M5GWp1icKAArDZz4N9GhbkrNEk1Sq4:M4Op0yN90QEp
Static task: static1
Behavioral task: behavioral1
- Sample: proecess_tweak.exe
- Resource: win10v2004-20240226-en
Malware Config
Targets
- Target: proecess_tweak.exe (same file as listed under General)
- Size: 152KB
- Score: 10/10
- Signatures:
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - Blocklisted process makes network request
  - Downloads MZ/PE file
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Legitimate hosting services abused for malware hosting/C2
  - Drops file in System32 directory
  - Suspicious use of SetThreadContext