Analysis

  • max time kernel
    16s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    24/08/2024, 21:50

General

  • Target

    C11Executor23.exe

  • Size

    515KB

  • MD5

    66a87c841aa4cdb915dd9940c2f6cd64

  • SHA1

    35a28ebd8184af91f825b4dd1ea85af74bd2b1c3

  • SHA256

    9082c8a1083ba1cd9e58a767eddfa11e84fcca0915e846219a7080dd7645a6cb

  • SHA512

    19dd13169b031b64558fa4024b403e8ad66d0b9f3b82705c3eca77715a5bb4ee2fa7abf7b8b0ad850816bb30c5813aed03319b55490e16bdf7e236e40cd292f2

  • SSDEEP

    12288:/iPu2vepKVQB4jd+UAdnSZaJ0CF7DUNaqjnznegDEIey7WDQdz:/MRvePsd+UAd8aTZDQamnznegVP7WDQ

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
    "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2080
    • C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
      "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1724
      • C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
        "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2380
        • C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
          "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:2680
          • C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
            "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
            5⤵
            • Suspicious use of WriteProcessMemory
            PID:2744
            • C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
              "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
              6⤵
              • Suspicious use of WriteProcessMemory
              PID:2848
              • C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
                "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
                7⤵
                • Suspicious use of WriteProcessMemory
                PID:2732
                • C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe
                  "C:\Users\Admin\AppData\Local\Temp\C11Executor23.exe"
                  8⤵
                    PID:2920

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1724-2-0x000007FEF5960000-0x000007FEF634C000-memory.dmp

    Filesize

    9.9MB

  • memory/1724-3-0x000007FEF5960000-0x000007FEF634C000-memory.dmp

    Filesize

    9.9MB

  • memory/2080-0-0x000007FEF5963000-0x000007FEF5964000-memory.dmp

    Filesize

    4KB

  • memory/2080-1-0x00000000012E0000-0x0000000001368000-memory.dmp

    Filesize

    544KB