Analysis

  • max time kernel
    60s
  • max time network
    60s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    10/07/2020, 08:19

General

  • Target

    Quotation_Request_IMAGE001_IMAGE002_IMAGE003_IMAGE004.exe_.exe

  • Size

    968KB

  • MD5

    3270f89a953f6ba0eab5ebc529b313d2

  • SHA1

    896101735f27c2b40695bb7727dcb889f61afb74

  • SHA256

    1e13e14b2d390dc75cc450654d0201bb43366bc2e4a028e0f5566630fea12630

  • SHA512

    135bff4e7d2e9a82019589ecb6b362a96acdc925ef54e92d72bf94380a65f86241835b91ce5a663e2ee8d4f5792e88ff711eae3d1a5353de6383057667aea17c

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Quotation_Request_IMAGE001_IMAGE002_IMAGE003_IMAGE004.exe_.exe
    "C:\Users\Admin\AppData\Local\Temp\Quotation_Request_IMAGE001_IMAGE002_IMAGE003_IMAGE004.exe_.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1492
    • C:\Users\Admin\AppData\Local\Temp\Quotation_Request_IMAGE001_IMAGE002_IMAGE003_IMAGE004.exe_.exe
      "{path}"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1600

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1600-0-0x0000000000400000-0x000000000042D000-memory.dmp

    Filesize

    180KB