Analysis
- max time kernel: 150s
- max time network: 123s
- platform: windows11-21h2_x64
- resource: win11-20240730-en
- resource tags: arch:x64, arch:x86, image:win11-20240730-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 01/08/2024, 23:33
Static task
- static1: 1 signature
Behavioral task
- behavioral1: sample Byr723V3Cq1.exe, resource win11-20240730-en, 3 signatures, 150 seconds
General
- Target: Byr723V3Cq1.exe
- Size: 5.6MB
- MD5: 8e465b47c0e96417d43e2ab6f4a2062d
- SHA1: 92db0a431145439c42c96e4a677ca1d2b5fa210a
- SHA256: be967be4a0a18f81fe8a1ca958f310364b7a2e96abaa6397b64d6bff584aaf0f
- SHA512: b8799b263b81defa710a7600af49451fd969de472df0902fd830293224274954732b51cfd316abc0138e31145241bb35ae3b55d9a9d773b64591d842faa92c2f
- SSDEEP: 98304:IzvRocfNhwHAMHHWNxv9PPj3/C6N/Qs0yZQCsT7W5ZCw2KurlfP9SXL:G9anMRNz/HNMwdsToZCHhtS
Score
5/10
Malware Config
Signatures
- Suspicious use of NtSetInformationThreadHideFromDebugger (2 IoCs)
  pid   Process
  4600  Byr723V3Cq1.exe
  4600  Byr723V3Cq1.exe
  The ThreadHideFromDebugger information class detaches the calling thread from any attached debugger, so this is an anti-debugging measure by the sample itself, not a side effect of a system library.
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid   Process
  4600  Byr723V3Cq1.exe   (all 64 entries are this pid and process)
- Suspicious use of WriteProcessMemory (10 IoCs)
  description                         pid   Process           procid_target
  PID 4600 wrote to memory of 1164    4600  Byr723V3Cq1.exe   83
  PID 4600 wrote to memory of 1164    4600  Byr723V3Cq1.exe   83
  PID 1164 wrote to memory of 2660    1164  cmd.exe           84
  PID 1164 wrote to memory of 2660    1164  cmd.exe           84
  PID 1164 wrote to memory of 4916    1164  cmd.exe           85
  PID 1164 wrote to memory of 4916    1164  cmd.exe           85
  PID 1164 wrote to memory of 2168    1164  cmd.exe           86
  PID 1164 wrote to memory of 2168    1164  cmd.exe           86
  PID 4600 wrote to memory of 2840    4600  Byr723V3Cq1.exe   87
  PID 4600 wrote to memory of 2840    4600  Byr723V3Cq1.exe   87
  procid_target is the sandbox's internal process index, not a PID. Every target here (1164, 2660, 4916, 2168, 2840) is a child that the writing process itself spawned, as the process tree below shows, so these writes are consistent with ordinary process creation rather than injection into a pre-existing process.
Processes
- C:\Users\Admin\AppData\Local\Temp\Byr723V3Cq1.exe (PID 4600)
  "C:\Users\Admin\AppData\Local\Temp\Byr723V3Cq1.exe"
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\cmd.exe (PID 1164)
    C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Byr723V3Cq1.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
    - Suspicious use of WriteProcessMemory
    - C:\Windows\system32\certutil.exe (PID 2660)
      certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Byr723V3Cq1.exe" MD5
    - C:\Windows\system32\find.exe (PID 4916)
      find /i /v "md5"
    - C:\Windows\system32\find.exe (PID 2168)
      find /i /v "certutil"
  - C:\Windows\system32\cmd.exe (PID 2840)
    C:\Windows\system32\cmd.exe /c CLS

The cmd.exe pipeline under PID 1164 hashes the sample's own image with the built-in certutil and then drops certutil's header line ("MD5 hash of <file>:") and footer line ("CertUtil: -hashfile command completed successfully.") with two case-insensitive `find /v` filters, leaving only the bare digest on stdout. That is a self-integrity check: the sample can compare the result against a value it carries and behave differently if its file has been patched or instrumented. Together with the ThreadHideFromDebugger call it points to anti-analysis protection rather than to any network or persistence activity, which matches the absence of a network signature in this run.
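The following Python is an added example, not part of the tria.ge report or of the sample. It shows two things a detection engineer would want from the tree above: a rule that walks process-creation events and flags a `certutil -hashfile` whose target path is the image of an ancestor process (a process hashing itself through a LOLBin), and an emulation of the `find /i /v` filtering that isolates the bare digest. The event schema (pid, ppid, image, command_line) is a constructed Sysmon-like simplification mirroring the report's PIDs; the parent of PID 4600 is not in the report and is set to None; the certutil stdout lines are constructed in the shape certutil prints, using the MD5 from the General section.

```python
# Added example: detect a process hashing its own image via certutil, and
# emulate the `find /i /v "md5" | find /i /v "certutil"` filter seen in the
# report. Event records and certutil output are constructed (assumptions).
import re
from typing import Optional

# Matches `certutil -hashfile <path>` with or without quotes around the path.
HASHFILE_RE = re.compile(
    r'certutil(?:\.exe)?["\s]+-hashfile\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)

# Constructed process-creation events mirroring the report's process tree.
# The parent of PID 4600 is unknown from the report, hence ppid None.
EVENTS = [
    {"pid": 4600, "ppid": None,
     "image": r"C:\Users\Admin\AppData\Local\Temp\Byr723V3Cq1.exe",
     "command_line": r'"C:\Users\Admin\AppData\Local\Temp\Byr723V3Cq1.exe"'},
    {"pid": 1164, "ppid": 4600, "image": r"C:\Windows\system32\cmd.exe",
     "command_line": r'C:\Windows\system32\cmd.exe /c certutil -hashfile '
                     r'"C:\Users\Admin\AppData\Local\Temp\Byr723V3Cq1.exe" MD5 '
                     r'| find /i /v "md5" | find /i /v "certutil"'},
    {"pid": 2660, "ppid": 1164, "image": r"C:\Windows\system32\certutil.exe",
     "command_line": r'certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Byr723V3Cq1.exe" MD5'},
    {"pid": 4916, "ppid": 1164, "image": r"C:\Windows\system32\find.exe",
     "command_line": 'find /i /v "md5"'},
    {"pid": 2168, "ppid": 1164, "image": r"C:\Windows\system32\find.exe",
     "command_line": 'find /i /v "certutil"'},
    {"pid": 2840, "ppid": 4600, "image": r"C:\Windows\system32\cmd.exe",
     "command_line": r"C:\Windows\system32\cmd.exe /c CLS"},
]


def hashfile_target(command_line: str) -> Optional[str]:
    """Return the path given to `certutil -hashfile`, or None if absent."""
    m = HASHFILE_RE.search(command_line)
    if not m:
        return None
    return m.group(1) or m.group(2)


def find_self_hashing(events):
    """Flag certutil.exe processes whose -hashfile target is the image of an
    ancestor (walked via ppid). Only the certutil.exe process is matched, not
    the cmd.exe wrapper carrying the same command line, to avoid a double hit.
    Returns a list of (certutil_pid, ancestor_pid, target_path)."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if "certutil" not in e["image"].lower():
            continue
        target = hashfile_target(e["command_line"])
        if target is None:
            continue
        ancestor = by_pid.get(e["ppid"])
        while ancestor is not None:
            if ancestor["image"].lower() == target.lower():
                hits.append((e["pid"], ancestor["pid"], target))
                break
            ancestor = by_pid.get(ancestor["ppid"])
    return hits


def filter_certutil_output(lines, excludes=("md5", "certutil")):
    """Emulate `find /i /v "md5" | find /i /v "certutil"`: drop each line that
    contains any excluded substring, case-insensitively. What survives is the
    bare digest line the sample can compare with an embedded value."""
    out = []
    for line in lines:
        low = line.lower()
        if not any(x.lower() in low for x in excludes):
            out.append(line.strip())
    return out


# Constructed stdout in the shape `certutil -hashfile <file> MD5` prints;
# the digest is the sample's MD5 from the General section of the report.
CERTUTIL_STDOUT = [
    r"MD5 hash of C:\Users\Admin\AppData\Local\Temp\Byr723V3Cq1.exe:",
    "8e465b47c0e96417d43e2ab6f4a2062d",
    "CertUtil: -hashfile command completed successfully.",
]

if __name__ == "__main__":
    for certutil_pid, ancestor_pid, path in find_self_hashing(EVENTS):
        print(f"certutil PID {certutil_pid} hashes image of ancestor PID {ancestor_pid}: {path}")
    print("surviving lines:", filter_certutil_output(CERTUTIL_STDOUT))
```

Walking the ancestor chain rather than only the direct parent matters here: certutil's parent is cmd.exe (PID 1164), and the process being hashed is its grandparent (PID 4600). A rule that compares the target only with the parent image would miss this tree.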