Analysis

  • max time kernel: 153s
  • max time network: 157s
  • platform: windows10_x64
  • resource: win10v20201028
  • submitted: 30/03/2021, 11:28 UTC

General

  • Target: 3fe801df149ffae08275e24be6bce3de67e9d5407c0417542001f726541fbe4f.exe
  • Size: 279KB
  • MD5: 5df4ac6e94ae7e9f9eb28d8f7f464946
  • SHA1: 79f222f94fa265896c5e4578b91ed4ebc100058d
  • SHA256: 3fe801df149ffae08275e24be6bce3de67e9d5407c0417542001f726541fbe4f
  • SHA512: 18826a1cb94e73402c279607d1348ba532966fe3223cbeec9cfb534ab425966fadeb001bc80518411b2f8c8d884b2936779950fbc0c5f48dfc01d33e766f749a

Score
8/10

Malware Config

Signatures

  • Dave packer (1 IoC)

    Detects an executable packed with the community-named 'Dave' packer, identified by a marker string at the end of the file.

  • Executes dropped EXE (2 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory (6 IoCs)
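The 'Dave packer' signature above keys on a string at the end of the file, which in practice means the PE overlay (bytes after the last section's raw data). The following is an added example, not code from the Triage report or from the signature itself: it parses the section table to find the overlay and checks it for a marker. The marker b"DAVE", the helper names and the PE blob built by build_sample() are constructed assumptions for illustration; the page does not state the real marker string.

```python
"""Added example, not part of the Triage report: find where a PE's section
data ends (the start of the overlay) and check that overlay for a trailing
marker string, the shape of a signature like 'Dave packer'. The marker
b"DAVE" and the PE blob built by build_sample() are constructed
assumptions; the page does not state the real marker."""
import struct

MARKER = b"DAVE"   # assumption: illustrative marker, not the signature's real string
TAIL_WINDOW = 64   # trailing bytes searched by trailing_marker()


def overlay_offset(data: bytes) -> int:
    """Return the offset where appended (overlay) data begins: the end of the
    highest section's raw data. Raises ValueError for a malformed PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]    # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]       # COFF SizeOfOptionalHeader
    sect_table = coff + 20 + opt_size
    end = 0
    for i in range(num_sections):
        hdr = sect_table + i * 40                                 # 40-byte section header
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)  # SizeOfRawData, PointerToRawData
        end = max(end, raw_ptr + raw_size)
    return min(end, len(data))   # clamp: a truncated sample has no overlay


def trailing_marker(data: bytes, marker: bytes = MARKER, window: int = TAIL_WINDOW) -> bool:
    """True if `marker` appears within the last `window` bytes of the file."""
    return marker in data[-window:]


def inspect_overlay(data: bytes, marker: bytes = MARKER) -> dict:
    """Summarise the overlay and whether the marker sits at the tail and
    anywhere inside the overlay (a packer may pad after its marker)."""
    start = overlay_offset(data)
    overlay = data[start:]
    return {
        "overlay_offset": start,
        "overlay_size": len(overlay),
        "marker_at_end": trailing_marker(data, marker),
        "marker_in_overlay": marker in overlay,
    }


def build_sample(overlay: bytes) -> bytes:
    """Constructed input: a minimal PE32-shaped blob (not executable) with one
    section whose raw data occupies 0x200..0x400, followed by `overlay`."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    opt_size = 0xE0                                                   # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x102)  # i386, 1 section
    opt = struct.pack("<H", 0x10B).ljust(opt_size, b"\0")             # magic PE32, rest zeroed
    raw_ptr, raw_size = 0x200, 0x200
    sect = b".text\0\0\0" + struct.pack("<IIII", raw_size, 0x1000, raw_size, raw_ptr) + b"\0" * 16
    head = dos + b"PE\0\0" + coff + opt + sect
    return head.ljust(raw_ptr, b"\0") + b"\x90" * raw_size + overlay


if __name__ == "__main__":
    print(inspect_overlay(build_sample(b"packed-data\0" + MARKER)))
```

Checking both the tail window and the whole overlay matters: a marker followed by padding or an appended configuration blob would defeat a tail-only check, while an overlay that merely contains the bytes somewhere in a large blob is weaker evidence than a marker at the very end.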

Processes

  • C:\Users\Admin\AppData\Local\Temp\3fe801df149ffae08275e24be6bce3de67e9d5407c0417542001f726541fbe4f.exe (PID 508)
    command line: "C:\Users\Admin\AppData\Local\Temp\3fe801df149ffae08275e24be6bce3de67e9d5407c0417542001f726541fbe4f.exe"
    • Suspicious use of WriteProcessMemory
    • child: C:\Users\Admin\AppData\Local\Temp\aeEDegdTcrep.exe (PID 3184)
      command line: "C:\Users\Admin\AppData\Local\Temp\aeEDegdTcrep.exe" 9 REP
      • Executes dropped EXE
    • child: C:\Users\Admin\AppData\Local\Temp\hETzxzqcqlan.exe (PID 3460)
      command line: "C:\Users\Admin\AppData\Local\Temp\hETzxzqcqlan.exe" 8 LAN
      • Executes dropped EXE
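The process tree shows the pattern worth alerting on: a binary running from the user's Temp directory spawns two more binaries from the same directory, each with a short numeric argument and a token. The following is an added example, not code from the Triage report: a small detection over process-creation records that flags Temp-to-Temp parent/child pairs and extracts the child's arguments. The ProcEvent records are constructed from the PIDs, paths and command lines shown above plus one benign control row; the field names and the Sysmon-like record shape are assumptions, not Triage's own schema.

```python
"""Added example, not part of the Triage report: flag process creations
where both the child image and its parent's image live under a user's
Temp directory. SAMPLE_EVENTS is constructed from the report's process
tree plus a benign control; the record shape is an assumption."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Matches C:\Users\<user>\AppData\Local\Temp\ (case-insensitive)
USER_TEMP_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)
# Quoted image path, then whatever arguments follow it
CMDLINE_RE = re.compile(r'^"[^"]*"\s*(.*)$')


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str


def is_user_temp(path: str) -> bool:
    return bool(USER_TEMP_RE.match(path))


def trailing_args(cmdline: str) -> List[str]:
    """Arguments after the quoted image path, split on whitespace."""
    m = CMDLINE_RE.match(cmdline)
    return m.group(1).split() if m else cmdline.split()[1:]


def temp_spawn_chains(events: List[ProcEvent]) -> List[Tuple[int, int, str, List[str]]]:
    """Return (parent_pid, child_pid, child_basename, child_args) for every
    child whose image and whose parent's image both live under a user Temp dir."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get(e.ppid) if e.ppid is not None else None
        if parent is None:
            continue   # parent not in the record set (or root of the tree)
        if is_user_temp(e.image) and is_user_temp(parent.image):
            hits.append((parent.pid, e.pid, e.image.rsplit("\\", 1)[-1], trailing_args(e.cmdline)))
    return hits


SAMPLE_EVENTS = [  # constructed from the report's process tree
    ProcEvent(508, None,
              r"C:\Users\Admin\AppData\Local\Temp\3fe801df149ffae08275e24be6bce3de67e9d5407c0417542001f726541fbe4f.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\3fe801df149ffae08275e24be6bce3de67e9d5407c0417542001f726541fbe4f.exe"'),
    ProcEvent(3184, 508,
              r"C:\Users\Admin\AppData\Local\Temp\aeEDegdTcrep.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\aeEDegdTcrep.exe" 9 REP'),
    ProcEvent(3460, 508,
              r"C:\Users\Admin\AppData\Local\Temp\hETzxzqcqlan.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\hETzxzqcqlan.exe" 8 LAN'),
    # benign control row, constructed: not under Temp, parent not in the set
    ProcEvent(4100, 1234, r"C:\Windows\System32\notepad.exe", r'"C:\Windows\System32\notepad.exe"'),
]

if __name__ == "__main__":
    for parent_pid, pid, name, args in temp_spawn_chains(SAMPLE_EVENTS):
        print(f"Temp-to-Temp spawn: {parent_pid} -> {pid} {name} args={args}")
```

The rule deliberately keys on lineage rather than on the random child file names, which change per run; the argument list is kept in the result so an analyst can see the "9 REP" / "8 LAN" style arguments without the rule hard-coding them.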

Network

    Per flow: address:port as listed, protocol (where identified), bytes in each direction, packets in each direction. Direction order is as in the original report; rows with a single byte and packet value recorded traffic in one direction only.

    Address:port        Proto   Bytes       Bytes       Pkts   Pkts
    10.10.0.28:61636    smb     15.8kB      12.2kB      95     92
    10.10.0.32:54248    smb     15.8kB      12.2kB      95     92
    10.10.0.29:61158    smb     16.2kB      12.2kB      104    91
    10.10.0.28:61706    -       228.0kB     17.2kB      242    189
    10.10.0.32:54318    -       147.9kB     14.9kB      189    140
    10.10.0.32:54321    rpc     524 B       368 B       6      3
    10.10.0.32:54322    -       4.5kB       834 B       12     8
    10.10.0.28:61711    rpc     524 B       368 B       6      3
    10.10.0.28:61712    -       4.5kB       836 B       12     7
    10.10.0.29:61216    -       236.3kB     17.4kB      251    196
    10.10.0.29:61223    rpc     524 B       368 B       6      3
    10.10.0.29:61224    -       4.4kB       882 B       11     8
    10.10.0.32:54345    -       4.0MB       3.8MB       6887   6932
    10.10.0.32:53057    -       130 B       -           1      -
    10.10.0.29:50975    -       130 B       -           1      -
    10.10.0.28:58323    -       130 B       -           1      -
    10.10.0.28:58338    -       130 B       -           1      -
    10.10.0.32:53070    -       130 B       -           1      -
    10.10.0.29:50989    -       130 B       -           1      -
    10.10.0.28:60238    -       114 B       -           1      -
    10.10.0.32:60536    -       114 B       -           1      -
    10.10.0.32:58946    -       114 B       -           1      -
    10.10.0.28:52702    -       114 B       -           1      -
    10.10.0.29:63085    -       114 B       -           1      -
    10.10.0.29:61590    -       114 B       -           1      -

MITRE ATT&CK Enterprise v6


Downloads

  • memory/508-3-0x0000000035000000-0x000000003502D000-memory.dmp (180KB)
  • memory/508-2-0x00000000005E0000-0x0000000000608000-memory.dmp (160KB)
  • memory/508-4-0x00000000005B0000-0x00000000005D6000-memory.dmp (152KB)
  • memory/3184-8-0x00000000006A0000-0x00000000006C8000-memory.dmp (160KB)
  • memory/3460-14-0x0000000000590000-0x00000000005B8000-memory.dmp (160KB)
