Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

cryptolaemus

windows10-2004-x64

1

cryptolaemus

windows11-21h2-x64

8

Analysis

  • max time kernel
    90s
  • max time network
    98s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    07/06/2024, 06:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    370ad2de0197df732a290ed6580c34c1ea2960c4de826b95420c50fe40b07ada.exe

  • Size

    13KB

  • MD5

    8eabfe96feb8dc256ee17c0afa482f4b

  • SHA1

    c106a7e08704b96ab0c982e090c49e8fe34f4e81

  • SHA256

    370ad2de0197df732a290ed6580c34c1ea2960c4de826b95420c50fe40b07ada

  • SHA512

    da6f1aaf73ce3dd9133b7539ae2f62bda3cce7dcbfb4b16ffec573afdb2a705980f09d6d9d0f4731388872506a62a95ee6830c1d1921395f97e4cdf30a3e2ced

  • SSDEEP

    192:tYEI1BDJJ4yWSP6vmGFPY7B7nW/jmPgs2KF3ceNMLlQyb+jWlJdxqHmf1xPu:/ij4I5/GnVS++jWlJj+O

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\370ad2de0197df732a290ed6580c34c1ea2960c4de826b95420c50fe40b07ada.exe
    "C:\Users\Admin\AppData\Local\Temp\370ad2de0197df732a290ed6580c34c1ea2960c4de826b95420c50fe40b07ada.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3644
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607065809323.exe 000001
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3660
      • C:\Users\Admin\AppData\Local\Temp\242607065809323.exe
        C:\Users\Admin\AppData\Local\Temp\242607065809323.exe 000001
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:4820
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607065820104.exe 000002
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:4496
          • C:\Users\Admin\AppData\Local\Temp\242607065820104.exe
            C:\Users\Admin\AppData\Local\Temp\242607065820104.exe 000002
            5⤵
            • Executes dropped EXE
            PID:2936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\242607065809323.exe
    Filesize

    14KB

    MD5

    ea16dcdcbb24f780b75dcbadcb0b1297

    SHA1

    106473875dd8f276a073f0116af61b144372e16d

    SHA256

    374d691a4287cdf6d4c5085a90edf715b03cbe556b25042eaa0e355cd2fd22d1

    SHA512

    caa2830ce7ff0f82348fdbb601dfba85653f596989798846a1f46934fd76732316f4244df92df83519077455a631ae706aa517d1d8155c8a5e9849bd1d02cf9e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\242607065820104.exe
    Filesize

    14KB

    MD5

    07b1d2c0f718126896e8a57256ee6dfc

    SHA1

    0a5ca89de1ded6ba58cd6b16ef7c2f0d918776e4

    SHA256

    466ed5e6f29c455baefb6a7795bd0c7429ea4a4704817fd6ef0a6475ac40cd69

    SHA512

    c15fd1275a792ceef386c99cf662348e98e05391f89e59639fba1311771f0ee778bd30feaee373a551ee33c585de2265273c13ae2378fa5d5ac8b25db9916d7e

    Download Submit