Analysis
- max time kernel: 91s
- max time network: 93s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10/05/2024, 12:33
Static task: static1
Behavioral task: behavioral1
- Sample: 3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370.exe
- Resource: win10v2004-20240508-en
Behavioral task: behavioral2
- Sample: 51B4EF5DC9D26B7A26E214CEE90598631E2EAA67.exe
- Resource: win10v2004-20240508-en
Behavioral task: behavioral3
- Sample: E906FA3D51E86A61741B3499145A114E9BFB7C56.exe
- Resource: win10v2004-20240508-en
General
- Target: 51B4EF5DC9D26B7A26E214CEE90598631E2EAA67.exe
- Size: 257KB
- MD5: 6e080aa085293bb9fbdcc9015337d309
- SHA1: 51b4ef5dc9d26b7a26e214cee90598631e2eaa67
- SHA256: 9b462800f1bef019d7ec00098682d3ea7fc60e6721555f616399228e4e3ad122
- SHA512: 4e173fb5287c7ea8ff116099ec1a0599b37f743f8b798368319b5960af38e742124223dfd209457665b701e9efc6e76071fa2513322b232ac50ddad21fcebe77
- SSDEEP: 6144:xy+als+0nIycigV5cbEo6dZbBODPIsjQ/UFsYW:xy+aCFnIycigVSbObBODTMUd
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 4900 wrote to memory of 3436 | 4900 | 51B4EF5DC9D26B7A26E214CEE90598631E2EAA67.exe | 82
  PID 4900 wrote to memory of 3436 | 4900 | 51B4EF5DC9D26B7A26E214CEE90598631E2EAA67.exe | 82
  PID 4900 wrote to memory of 3436 | 4900 | 51B4EF5DC9D26B7A26E214CEE90598631E2EAA67.exe | 82
Processes
- C:\Users\Admin\AppData\Local\Temp\51B4EF5DC9D26B7A26E214CEE90598631E2EAA67.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\51B4EF5DC9D26B7A26E214CEE90598631E2EAA67.exe"
  PID: 4900
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\51B4EF5DC9D26B7A26E214CEE90598631E2EAA67.exe
    command line: C:\Users\Admin\AppData\Local\Temp\51B4EF5DC9D26B7A26E214CEE90598631E2EAA67.exe
    PID: 3436