Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

loader.exe

windows7-x64

1

loader.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/05/2024, 09:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    loader.exe

  • Size

    1.6MB

  • MD5

    9c3be7203ba00ad3a4aa5c060d92e032

  • SHA1

    73889da9d3516234b199902efdc996e830d7ed12

  • SHA256

    70092856c9eeb38f6d7c031f0300630ec27d3fbd9f751ab0d1246e35f86aba80

  • SHA512

    edb44fd610fddfd469242bf43c0c79997aac07ed1bf7d7263fd0ba49d923bde7b36254e89cd98039df8a9d6ad9914599eaaed22e4f29a8939638a58c5ff140ad

  • SSDEEP

    49152:x2+bFGaqjaqjyX3KLsRnkFyd+PfvSTgr8z:jk1yX3VRE

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\loader.exe
    "C:\Users\Admin\AppData\Local\Temp\loader.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2484
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\loader.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1504
      • C:\Windows\system32\certutil.exe
        certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\loader.exe" MD5
        3⤵
          PID:1900
        • C:\Windows\system32\find.exe
          find /i /v "md5"
          3⤵
            PID:2080
          • C:\Windows\system32\find.exe
            find /i /v "certutil"
            3⤵
              PID:868

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads