Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
7s -
max time network
9s -
platform
windows10-1703_x64 -
resource
win10-20240611-en -
resource tags
-
submitted
02/08/2024, 11:57
General
-
Target
updater.exe
-
Size
10.9MB
-
MD5
1c28034e116afe153b3b302a724c6d78
-
SHA1
e9f8cabd63fd4d63193ff474876f6a8b7fb98c00
-
SHA256
14e0ffd153b81fddd493dc323d574024696e0dbbef43e8ef02de3478162b8138
-
SHA512
09bbd832b0a1263d970ff848e9a3a76e2225c0fe22c668c6df35df25f91c1a6465425d3cfbb375b9fab235e32a82289f1db1dc716b121eb608fe7b5952d039ba
-
SSDEEP
98304:wK0QVCU1FA6WWB6kad0lTXvXeksplGcBmJNcZT+nTqGgjAGM8o:HlA6j4/Wl7eN9A8Mj
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\updater.exe"C:\Users\Admin\AppData\Local\Temp\updater.exe"1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\loader.exe".\loader.exe" .2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
16.4MB
MD53e93b1dbd7ca5e177d41b671a66a5df8
SHA165557f3172317d525fefa0337268a3e684980f01
SHA2562473920941f50b4f64f17914aa6977a5592bef34aa62bd3e1dde3ba43595225e
SHA5122233ecc44d3e1e836d750adb756ecfceaed7352a483876f04801bf305f40722f56c27fb93dce77274786167bda3676e4a2192c55ffb604cf8827c78f49193194