Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

cryptolaemus

windows10-2004-x64

8

cryptolaemus

windows11-21h2-x64

1

Analysis

  • max time kernel
    112s
  • max time network
    116s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/06/2024, 07:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    75d4cb0cd8002079daae9a32ee0b20277edb638252e8b87955a5d33fa7b57848.exe

  • Size

    13KB

  • MD5

    e4784d0f0fd76465461ab687f200d263

  • SHA1

    73bc06b1f5500c0ca127d14fe855d104f7ef9248

  • SHA256

    75d4cb0cd8002079daae9a32ee0b20277edb638252e8b87955a5d33fa7b57848

  • SHA512

    974ad832a935ed9a32c1650ad166fb860ca5dd68580c108055cd829ca54b86bcaf4438a35be3aabcbb40c8d3e50d2fdeaed686d73170c24ab6db990ea363c975

  • SSDEEP

    192:qqqI1/OXzitgeG68qVSgm5X+Vs4eGL9lCPy2GNz+SNCuYCqWlJdxqHPnI1x:cZit3iKLL9wGLk5WlJj+a

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\75d4cb0cd8002079daae9a32ee0b20277edb638252e8b87955a5d33fa7b57848.exe
    "C:\Users\Admin\AppData\Local\Temp\75d4cb0cd8002079daae9a32ee0b20277edb638252e8b87955a5d33fa7b57848.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3860
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607071434364.exe 000001
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4156
      • C:\Users\Admin\AppData\Local\Temp\242607071434364.exe
        C:\Users\Admin\AppData\Local\Temp\242607071434364.exe 000001
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:2428
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607071459895.exe 000002
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:3384
          • C:\Users\Admin\AppData\Local\Temp\242607071459895.exe
            C:\Users\Admin\AppData\Local\Temp\242607071459895.exe 000002
            5⤵
            • Executes dropped EXE
            PID:5032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\242607071434364.exe
    Filesize

    13KB

    MD5

    4f4914a4eb960c0e43ba9b92f5fd0f1f

    SHA1

    f778b1002bcda4a26f5f20544185c513403dae5b

    SHA256

    9c4ed43b9fcbc60df2e508032473fa5b2c8aff8fd72202206884e33b123a8930

    SHA512

    c56de2a46344962b816d5554620ecfb8cd9aa5c1ab2dbd8c9b68d0f140360a2d5d01f722eaa595147ea64a9073f4e99546310b35f559a8a82396b925d170cb12

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\242607071459895.exe
    Filesize

    12KB

    MD5

    d5e7e3f36c539b695138c2780ae045ec

    SHA1

    ced77098d1cbf14c964bb3df42784abd4721c813

    SHA256

    9db6700a15312a2f67234efcc929cae299614b06ff00da2e14b97aeb54bdc25f

    SHA512

    05de406d1a1d070971c5ee5ae5e24745edeb79750ce18de9d83a994e80f71e27a44129b095766cf50de0d9083aeb91c060017f660652ef629770a73af04058b8

    Download Submit