Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

9335ea5a12...4c.exe

windows7-x64

1

9335ea5a12...4c.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/10/2024, 15:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9335ea5a12af26b81d42abbe6db47014bd9a10b6047d318ac3e9f3fb2c939d4c.exe

  • Size

    1.5MB

  • MD5

    5b3bd5baf8ab186dd351d303a589e4fa

  • SHA1

    d3f7982b2bbb9a7bb90c8ef82d8e7dd32e3f43e1

  • SHA256

    9335ea5a12af26b81d42abbe6db47014bd9a10b6047d318ac3e9f3fb2c939d4c

  • SHA512

    0762d145b6f70c2137ede6c6457c1f92711431f337ccbb61fa5abcaaf535582b305e82645af762869a4ac67720d607a5a864d2f4af6880d315bcb4c2948e1c41

  • SSDEEP

    24576:cNoF9LYbAtK5wlCDtm2MUrabZhcEGHghLjVPT+oU:cNoF9LbEwlKTMwabZjGAhLjlT+5

Score
1/10

Malware Config

Signatures

  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Gathers system information 1 TTPs 1 IoCs

    Runs systeminfo.exe.

  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9335ea5a12af26b81d42abbe6db47014bd9a10b6047d318ac3e9f3fb2c939d4c.exe
    "C:\Users\Admin\AppData\Local\Temp\9335ea5a12af26b81d42abbe6db47014bd9a10b6047d318ac3e9f3fb2c939d4c.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:532
    • C:\Windows\SYSTEM32\cmd.exe
      cmd.exe /c systeminfo
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2728
      • C:\Windows\system32\systeminfo.exe
        systeminfo
        3⤵
        • Gathers system information
        PID:5004
    • C:\Windows\SYSTEM32\cmd.exe
      cmd.exe /c route print
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2260
      • C:\Windows\system32\ROUTE.EXE
        route print
        3⤵
          PID:3672
      • C:\Windows\SYSTEM32\cmd.exe
        cmd.exe /c ipconfig /all
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:1248
        • C:\Windows\system32\ipconfig.exe
          ipconfig /all
          3⤵
          • Gathers network information
          PID:3964

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/532-0-0x0000000000440000-0x0000000000451000-memory.dmp

      Filesize

      68KB

      Download

    • memory/532-1-0x0000000000440000-0x0000000000451000-memory.dmp

      Filesize

      68KB

      Download