Analysis

  • max time kernel
    66s
  • max time network
    54s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/04/2024, 09:52

General

  • Target

    Sysmon.exe

  • Size

    3.5MB

  • MD5

    c2f59c783a26dd480bafcc9955a99f42

  • SHA1

    e6951e1a5d57e5ed56e4ca179258cf269724efa7

  • SHA256

    8c50ce44732912726e5ab0958e4199deee77f904cd746369f37b91e67a9826c6

  • SHA512

    f71f78b9d6845971016b519d05a2eff5783f56b674ab20484e92de0ae1fe3eccb20c8d7cb842bdd6d6d0168896a6e73368b051c254a1cd51de403ad47d31bfdb

  • SSDEEP

    49152:5FarAOQsMZqNYvL9XH/FP8WW2pcinUCGiZ21uYecaBBfE27rf+Sm:5F9sMzL9XHl7s8BBBK

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Suspicious use of WriteProcessMemory (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Sysmon.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\Sysmon.exe"
    PID: 1020
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\SYS1849024977\Sysmon.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\Sysmon.exe"
      PID: 4488
      • Executes dropped EXE

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\SYS1849024977\Sysmon.exe

    Filesize

    1.9MB

    MD5

    3cc92c9b0b56be9bb7ac2e3c63d3f60f

    SHA1

    e7cd3eb94ec7111e18e3e62d2291d949db09436c

    SHA256

    5422e288a3699e1560bf832c8daabc65d78590b6d78c3baa9f788da67dea049d

    SHA512

    60e8c8a207c7855ed3db301bcd05d5d03956b661563e3ce443429f8ebe71eaaf788167b00029afc84d3d988942511267dd1b02a313f0dc5f826d6833b0b5598d