Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 141s
max time network: 132s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/08/2024, 18:40
Static task: static1
Behavioral task: behavioral1
    Sample: e9cb02690d987de8d392d0e24b3ccbb294c751dff73962135913c7ec0d8a8064.exe
    Resource: win7-20240704-en
Behavioral task: behavioral2
    Sample: e9cb02690d987de8d392d0e24b3ccbb294c751dff73962135913c7ec0d8a8064.exe
    Resource: win10v2004-20240802-en
General
Target: e9cb02690d987de8d392d0e24b3ccbb294c751dff73962135913c7ec0d8a8064.exe
Size: 1.7MB
MD5: 8f3862191232959fc941afd4c2943b86
SHA1: edc93c5d1fa686eea9e264905b2840bfe699e3fd
SHA256: e9cb02690d987de8d392d0e24b3ccbb294c751dff73962135913c7ec0d8a8064
SHA512: 70f1101af6120d624bd29d8228fed3d2a3bfbccaa1beecbdc0ffc740c1df23e86ff8569d28395431ae0efc8f921d2b6bb3bdcc0cb7bca89e9a835409d4a2bca9
SSDEEP: 49152:y4TrJANOZtUWtr4CiVKyWtsPNdxfAeDFyQoo4I6+uyF6:ylNOHtr4CiVKyWtsPNVDFTohGL
Malware Config
Signatures

Suspicious behavior: EnumeratesProcesses (4 IoCs)
    pid     Process
    1512    e9cb02690d987de8d392d0e24b3ccbb294c751dff73962135913c7ec0d8a8064.exe
    1512    e9cb02690d987de8d392d0e24b3ccbb294c751dff73962135913c7ec0d8a8064.exe
    1512    e9cb02690d987de8d392d0e24b3ccbb294c751dff73962135913c7ec0d8a8064.exe
    1512    e9cb02690d987de8d392d0e24b3ccbb294c751dff73962135913c7ec0d8a8064.exe

Suspicious use of WriteProcessMemory (4 IoCs)
    description                          pid     Process                                                                   procid_target
    PID 1512 wrote to memory of 388      1512    e9cb02690d987de8d392d0e24b3ccbb294c751dff73962135913c7ec0d8a8064.exe     91
    PID 1512 wrote to memory of 388      1512    e9cb02690d987de8d392d0e24b3ccbb294c751dff73962135913c7ec0d8a8064.exe     91
    PID 388 wrote to memory of 1740      388     cmd.exe                                                                   93
    PID 388 wrote to memory of 1740      388     cmd.exe                                                                   93
Processes

C:\Users\Admin\AppData\Local\Temp\e9cb02690d987de8d392d0e24b3ccbb294c751dff73962135913c7ec0d8a8064.exe (depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\e9cb02690d987de8d392d0e24b3ccbb294c751dff73962135913c7ec0d8a8064.exe"
    PID: 1512
    Signatures: Suspicious behavior: EnumeratesProcesses; Suspicious use of WriteProcessMemory

    C:\Windows\SYSTEM32\cmd.exe (depth 2)
        Command line: cmd.exe -c
        PID: 388
        Signatures: Suspicious use of WriteProcessMemory

        C:\Windows\system32\chcp.com (depth 3)
            Command line: chcp
            PID: 1740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 1)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4352,i,2727319350781907497,7925939240893079607,262144 --variations-seed-version --mojo-platform-channel-handle=3952 /prefetch:8
    PID: 4272