Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
101s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
01/05/2024, 23:06
General
-
Target
6fe8287e897dbd825d02b00a2d59f464127b90497b3eb7aa263fb1c39056d8f4.exe
-
Size
40KB
-
MD5
a1c4584147f6adad815bb97051e9bed2
-
SHA1
f89e7bd6d29aae35201dac24b3ec28bea12bef1f
-
SHA256
6fe8287e897dbd825d02b00a2d59f464127b90497b3eb7aa263fb1c39056d8f4
-
SHA512
ebcd306d197f47380aa3f775a1154908955e618d44b4b4885a2b8847c06542f6c4a773741850fc2310086286934130a6cfc151803771fc6189554497d9fe7010
-
SSDEEP
768:KOxZOgIryM1P3oO2y8UN2ivcTTJlu71TFA9nn0OjDDdmo/SK2OURvXZuZmLaFQ:nSgy19JSVO1ONn511/tivXZxLaq
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6fe8287e897dbd825d02b00a2d59f464127b90497b3eb7aa263fb1c39056d8f4.exe"C:\Users\Admin\AppData\Local\Temp\6fe8287e897dbd825d02b00a2d59f464127b90497b3eb7aa263fb1c39056d8f4.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhhh.exec:\tnnhhh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtnbb.exec:\bbtnbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlfrrr.exec:\lxlfrrr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdp.exec:\vjjdp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ttnbt.exec:\3ttnbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjpj.exec:\ddjpj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllfxrl.exec:\fllfxrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bthtt.exec:\7bthtt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tthtn.exec:\9tthtn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddd.exec:\jdddd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfflfx.exec:\rxfflfx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xfflfl.exec:\1xfflfl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjd.exec:\pdpjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxlfxx.exec:\lrxlfxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bbbtt.exec:\1bbbtt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdpj.exec:\vjdpj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjvp.exec:\jdjvp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxrrll.exec:\rrxrrll.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnhbb.exec:\bhnhbb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djppv.exec:\djppv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbnbb.exec:\thbnbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbttt.exec:\thbttt.exe23⤵
- Executes dropped EXE
-
\??\c:\pjjvp.exec:\pjjvp.exe24⤵
- Executes dropped EXE
-
\??\c:\dppdp.exec:\dppdp.exe25⤵
- Executes dropped EXE
-
\??\c:\1rxrxrx.exec:\1rxrxrx.exe26⤵
- Executes dropped EXE
-
\??\c:\xrxxrrx.exec:\xrxxrrx.exe27⤵
- Executes dropped EXE
-
\??\c:\hhhttn.exec:\hhhttn.exe28⤵
-
\??\c:\hbtnhh.exec:\hbtnhh.exe29⤵
- Executes dropped EXE
-
\??\c:\dpvpd.exec:\dpvpd.exe30⤵
- Executes dropped EXE
-
\??\c:\vppjp.exec:\vppjp.exe31⤵
- Executes dropped EXE
-
\??\c:\xllffxf.exec:\xllffxf.exe32⤵
- Executes dropped EXE
-
\??\c:\lllrlfx.exec:\lllrlfx.exe33⤵
- Executes dropped EXE
-
\??\c:\tnthbt.exec:\tnthbt.exe34⤵
- Executes dropped EXE
-
\??\c:\thnhtt.exec:\thnhtt.exe35⤵
- Executes dropped EXE
-
\??\c:\9dvpd.exec:\9dvpd.exe36⤵
- Executes dropped EXE
-
\??\c:\vdjvj.exec:\vdjvj.exe37⤵
- Executes dropped EXE
-
\??\c:\xlfrffr.exec:\xlfrffr.exe38⤵
- Executes dropped EXE
-
\??\c:\fxffxff.exec:\fxffxff.exe39⤵
- Executes dropped EXE
-
\??\c:\hntnhh.exec:\hntnhh.exe40⤵
- Executes dropped EXE
-
\??\c:\3pvvj.exec:\3pvvj.exe41⤵
- Executes dropped EXE
-
\??\c:\vjvjj.exec:\vjvjj.exe42⤵
- Executes dropped EXE
-
\??\c:\7xxrffr.exec:\7xxrffr.exe43⤵
- Executes dropped EXE
-
\??\c:\xrxrrrx.exec:\xrxrrrx.exe44⤵
- Executes dropped EXE
-
\??\c:\bhhbnh.exec:\bhhbnh.exe45⤵
- Executes dropped EXE
-
\??\c:\bnhbnh.exec:\bnhbnh.exe46⤵
- Executes dropped EXE
-
\??\c:\tnhbnh.exec:\tnhbnh.exe47⤵
- Executes dropped EXE
-
\??\c:\vpppj.exec:\vpppj.exe48⤵
- Executes dropped EXE
-
\??\c:\1rrrfff.exec:\1rrrfff.exe49⤵
- Executes dropped EXE
-
\??\c:\httnhh.exec:\httnhh.exe50⤵
- Executes dropped EXE
-
\??\c:\bttthh.exec:\bttthh.exe51⤵
- Executes dropped EXE
-
\??\c:\djvvp.exec:\djvvp.exe52⤵
- Executes dropped EXE
-
\??\c:\jvdvd.exec:\jvdvd.exe53⤵
- Executes dropped EXE
-
\??\c:\ppvpp.exec:\ppvpp.exe54⤵
- Executes dropped EXE
-
\??\c:\lxfxrlf.exec:\lxfxrlf.exe55⤵
- Executes dropped EXE
-
\??\c:\tnhhbb.exec:\tnhhbb.exe56⤵
- Executes dropped EXE
-
\??\c:\thnbnn.exec:\thnbnn.exe57⤵
- Executes dropped EXE
-
\??\c:\nhbhhn.exec:\nhbhhn.exe58⤵
- Executes dropped EXE
-
\??\c:\5pvpd.exec:\5pvpd.exe59⤵
- Executes dropped EXE
-
\??\c:\lflfxxx.exec:\lflfxxx.exe60⤵
- Executes dropped EXE
-
\??\c:\llxxffl.exec:\llxxffl.exe61⤵
- Executes dropped EXE
-
\??\c:\9ntnbt.exec:\9ntnbt.exe62⤵
- Executes dropped EXE
-
\??\c:\vvdvj.exec:\vvdvj.exe63⤵
- Executes dropped EXE
-
\??\c:\pjvdd.exec:\pjvdd.exe64⤵
- Executes dropped EXE
-
\??\c:\rllxfxl.exec:\rllxfxl.exe65⤵
- Executes dropped EXE
-
\??\c:\xxfrlfx.exec:\xxfrlfx.exe66⤵
- Executes dropped EXE
-
\??\c:\hbhhbh.exec:\hbhhbh.exe67⤵
-
\??\c:\jdppj.exec:\jdppj.exe68⤵
-
\??\c:\rxfxlll.exec:\rxfxlll.exe69⤵
-
\??\c:\9lxrxxf.exec:\9lxrxxf.exe70⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe71⤵
-
\??\c:\tnnnbt.exec:\tnnnbt.exe72⤵
-
\??\c:\jddpp.exec:\jddpp.exe73⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe74⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe75⤵
-
\??\c:\xrrfxxr.exec:\xrrfxxr.exe76⤵
-
\??\c:\btbbtb.exec:\btbbtb.exe77⤵
-
\??\c:\bnnnbb.exec:\bnnnbb.exe78⤵
-
\??\c:\vvjdp.exec:\vvjdp.exe79⤵
-
\??\c:\vppjd.exec:\vppjd.exe80⤵
-
\??\c:\3jjdp.exec:\3jjdp.exe81⤵
-
\??\c:\fxxrllf.exec:\fxxrllf.exe82⤵
-
\??\c:\fxxxrrr.exec:\fxxxrrr.exe83⤵
-
\??\c:\5hhbtt.exec:\5hhbtt.exe84⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe85⤵
-
\??\c:\pdjvp.exec:\pdjvp.exe86⤵
-
\??\c:\rlrlxxx.exec:\rlrlxxx.exe87⤵
-
\??\c:\hbtntt.exec:\hbtntt.exe88⤵
-
\??\c:\btnnbb.exec:\btnnbb.exe89⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe90⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe91⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe92⤵
-
\??\c:\lxxfrfx.exec:\lxxfrfx.exe93⤵
-
\??\c:\xxfxrfx.exec:\xxfxrfx.exe94⤵
-
\??\c:\httnhh.exec:\httnhh.exe95⤵
-
\??\c:\hbtthh.exec:\hbtthh.exe96⤵
-
\??\c:\btbbnn.exec:\btbbnn.exe97⤵
-
\??\c:\lffxxxx.exec:\lffxxxx.exe98⤵
-
\??\c:\rflfxxr.exec:\rflfxxr.exe99⤵
-
\??\c:\thnnhb.exec:\thnnhb.exe100⤵
-
\??\c:\hbbtth.exec:\hbbtth.exe101⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe102⤵
-
\??\c:\dddvp.exec:\dddvp.exe103⤵
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe104⤵
-
\??\c:\btttnn.exec:\btttnn.exe105⤵
-
\??\c:\nbhhbb.exec:\nbhhbb.exe106⤵
-
\??\c:\tnbthb.exec:\tnbthb.exe107⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe108⤵
-
\??\c:\rlfxrrx.exec:\rlfxrrx.exe109⤵
-
\??\c:\5hhbtt.exec:\5hhbtt.exe110⤵
-
\??\c:\htbtnn.exec:\htbtnn.exe111⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe112⤵
-
\??\c:\rffxffr.exec:\rffxffr.exe113⤵
-
\??\c:\fxxlfxr.exec:\fxxlfxr.exe114⤵
-
\??\c:\fxxrrrx.exec:\fxxrrrx.exe115⤵
-
\??\c:\ntttnn.exec:\ntttnn.exe116⤵
-
\??\c:\dvppd.exec:\dvppd.exe117⤵
-
\??\c:\vpvdp.exec:\vpvdp.exe118⤵
-
\??\c:\xfflllr.exec:\xfflllr.exe119⤵
-
\??\c:\xlrrrlr.exec:\xlrrrlr.exe120⤵
-
\??\c:\nhhbbb.exec:\nhhbbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-