Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
1469s -
max time network
1482s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
-
submitted
17/08/2024, 10:57
General
-
Target
build patch.exe
-
Size
1.4MB
-
MD5
12e377b3790dfe601181b1d20f47c3e3
-
SHA1
ea56f83370eea618df26837524454bf8487c9976
-
SHA256
86e0c4a3ad1c88d1bc22efa39311b80de428291d40f89a43cfc199a563b9be3f
-
SHA512
f6f3deb097a751341937f1f944e74a84c3b96aca7892ade01e50da854fc5d5ad3727f4c1ea4dbf1c881ab9a7007f6fcd51c7a5d87fa11a965367371613ca3107
-
SSDEEP
24576:wzJnIwl1Hsf2BZ9JnMKKQZiXDeOPaW4C30Wemex2ze+9SpPLn7J0:wNdsf2dJnMQ0mPe
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of WriteProcessMemory 10 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\build patch.exe"C:\Users\Admin\AppData\Local\Temp\build patch.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c color f2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\build patch.exe" MD5 | find /i /v "md5" | find /i /v "certutil"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\certutil.execertutil -hashfile "C:\Users\Admin\AppData\Local\Temp\build patch.exe" MD53⤵
-
-
C:\Windows\system32\find.exefind /i /v "md5"3⤵
-
-
C:\Windows\system32\find.exefind /i /v "certutil"3⤵
-
-