Analysis

  • max time kernel
    31s
  • max time network
    36s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/05/2024, 23:27

General

  • Target

    run-scanvirus-startup.exe

  • Size

    91KB

  • MD5

    66c623e47a13b30a3064a180a19dd1af

  • SHA1

    81b685fb44e1fcdb8a761a309a67c54efe9ec3fb

  • SHA256

    c52e55d927dfa1050e327681f4bb6c326e140c8d1f6b15cdec935ed9eaa32024

  • SHA512

    9d3fd5aba0d847ff0f2ae455079d52085fa8a6eae524b5ae6914e21aca9ef84cdd363824ed5198164bcb526750f1615ef1670053624fe74f34c0706e12ede2bc

  • SSDEEP

    1536:X7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIf8wWAOc:L7DhdC6kzWypvaQ0FxyNTBf85I

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 30 IoCs
  • Views/modifies file attributes 1 TTPs 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\run-scanvirus-startup.exe
    "C:\Users\Admin\AppData\Local\Temp\run-scanvirus-startup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2332
    • C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\2C99.tmp\2D17.tmp\2D18.bat C:\Users\Admin\AppData\Local\Temp\run-scanvirus-startup.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:408
      • C:\Windows\system32\cacls.exe
        "C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"
        3⤵
          PID:2152
        • C:\Windows\system32\attrib.exe
          attrib +h +s "C:\Users\Admin\AppData\Local\Temp\2C99.tmp\2D17.tmp\2D18.bat"
          3⤵
          • Views/modifies file attributes
          PID:2724
        • C:\Windows\system32\attrib.exe
          attrib +h +s "C:\Users\Admin\AppData\Local\Temp\395c7134-c35a-407c-9826-bf6a3f28c210.tmp"
          3⤵
          • Views/modifies file attributes
          PID:5024
        • C:\Windows\system32\attrib.exe
          attrib +h +s "C:\Users\Admin\AppData\Local\Temp\5d54980f-b155-4469-b9a9-f441d41a1f68.tmp"
          3⤵
          • Views/modifies file attributes
          PID:3372
        • C:\Windows\system32\attrib.exe
          attrib +h +s "C:\Users\Admin\AppData\Local\Temp\8fe0199f-ddba-497a-93c1-6ad2cb13f63c.tmp"
          3⤵
          • Views/modifies file attributes
          PID:3356
        • C:\Windows\system32\attrib.exe
          attrib +h +s "C:\Users\Admin\AppData\Local\Temp\c8f4954d-1f68-4425-af83-03cfc46b8f96.tmp"
          3⤵
          • Views/modifies file attributes
          PID:32
        • C:\Windows\system32\attrib.exe
          attrib +h +s "C:\Users\Admin\AppData\Local\Temp\wct5BD6.tmp"
          3⤵
          • Views/modifies file attributes
          PID:228
        • C:\Windows\system32\attrib.exe
          attrib +h +s "C:\Users\Admin\AppData\Local\Temp\wct9557.tmp"
          3⤵
          • Views/modifies file attributes
          PID:2296
        • C:\Windows\system32\attrib.exe
          attrib +h +s "C:\Users\Admin\AppData\Local\Temp\wctA166.tmp"
          3⤵
          • Views/modifies file attributes
          PID:464
        • C:\Windows\system32\attrib.exe
          attrib +h +s "C:\Users\Admin\AppData\Local\Temp\wctC1D4.tmp"
          3⤵
          • Views/modifies file attributes
          PID:3892
        • C:\Windows\system32\attrib.exe
          attrib +h +s "C:\Users\Admin\AppData\Local\Temp\wctC2AA.tmp"
          3⤵
          • Views/modifies file attributes
          PID:4184
        • C:\Windows\system32\attrib.exe
          attrib +h +s "C:\Users\Admin\AppData\Local\Temp\2C99.tmp\2D17.tmp\2F3C.tmp"
          3⤵
          • Views/modifies file attributes
          PID:1160
        • C:\Windows\system32\attrib.exe
          attrib +h +s "C:\Users\Admin\AppData\Local\Temp\scoped_dir4928_1383657342\c8f4954d-1f68-4425-af83-03cfc46b8f96.tmp"
          3⤵
          • Views/modifies file attributes
          PID:4976
        • C:\Windows\system32\attrib.exe
          attrib +h +s "C:\Users\Admin\AppData\Local\Temp\scoped_dir4928_1573648347\5d54980f-b155-4469-b9a9-f441d41a1f68.tmp"
          3⤵
          • Views/modifies file attributes
          PID:4564

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\Local\Temp\2C99.tmp\2D17.tmp\2D18.bat

      Filesize

      2KB

      MD5

      201325b50e17496d043dd86fa4f59cd4

      SHA1

      984541701da6805fa3414e2a4f72b934e5294ef9

      SHA256

      a604746d1477702ff5e6686f2fae526b511b79b2c7eedce8f218b3fa0f64ca74

      SHA512

      d74a2981cd2d5e141df54a8863721a85389497436d70daf0a86c67d109da9e8477a9e37714b2abcab679871c8d37eac88e67ef270acc041ca31720396f7b3ff4