Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

e7b8535cf5...7b.exe

windows7-x64

1

e7b8535cf5...7b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    02/10/2022, 04:19 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e7b8535cf54b4ba3a4a208e05ecdbcc533b1accb0e4b567a77f3c272519fd37b.exe

  • Size

    146KB

  • MD5

    79559c3824adbfb4a049e45acdd0c430

  • SHA1

    279b481a18511e5bc3f91ac880002ccb6dd85fd8

  • SHA256

    e7b8535cf54b4ba3a4a208e05ecdbcc533b1accb0e4b567a77f3c272519fd37b

  • SHA512

    c02b74e57896b70279bf377c56508aa2d830fcfd58ba932dbd97491e1e2a0edd3fa98b76c3601f582d3b5b232d77b163cce8680cd7b74485a9eaf7a7eb644d0a

  • SSDEEP

    3072:NYGu635vCsNaoIYtpRc2vNQ8Uv5Z8eSIeOC9MC5Q96AaQdDCeV3:jf5fDpPv6JYeSzOlaYDBV3

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e7b8535cf54b4ba3a4a208e05ecdbcc533b1accb0e4b567a77f3c272519fd37b.exe
    "C:\Users\Admin\AppData\Local\Temp\e7b8535cf54b4ba3a4a208e05ecdbcc533b1accb0e4b567a77f3c272519fd37b.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1436
    • C:\Windows\SysWOW64\svchost.exe
      svchost.exe
      2⤵
        PID:1188

    Network

    • flag-us
      DNS
      spuk.collective.su
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      spuk.collective.su
      IN A
      Response
    • flag-us
      DNS
      johnny.upward.su
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      johnny.upward.su
      IN A
      Response
    • flag-us
      DNS
      kim.envelope.su
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      kim.envelope.su
      IN A
      Response
    • flag-us
      DNS
      amp.cellular.su
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      amp.cellular.su
      IN A
      Response
    • flag-us
      DNS
      asx.rabbit.su
      svchost.exe
      Remote address:
      8.8.8.8:53
      Request
      asx.rabbit.su
      IN A
      Response
    No results found
    • 8.8.8.8:53
      spuk.collective.su
      dns
      svchost.exe
      64 B
       125 B
       1
      1

      DNS Request

      spuk.collective.su

    • 8.8.8.8:53
      johnny.upward.su
      dns
      svchost.exe
      62 B
       123 B
       1
      1

      DNS Request

      johnny.upward.su

    • 8.8.8.8:53
      kim.envelope.su
      dns
      svchost.exe
      61 B
       122 B
       1
      1

      DNS Request

      kim.envelope.su

    • 8.8.8.8:53
      amp.cellular.su
      dns
      svchost.exe
      61 B
       122 B
       1
      1

      DNS Request

      amp.cellular.su

    • 8.8.8.8:53
      asx.rabbit.su
      dns
      svchost.exe
      59 B
       119 B
       1
      1

      DNS Request

      asx.rabbit.su

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1188-59-0x0000000000080000-0x0000000000089000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1188-57-0x0000000000080000-0x0000000000089000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1188-62-0x00000000005C0000-0x00000000005C8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/1188-63-0x0000000000080000-0x0000000000089000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1436-54-0x0000000000400000-0x0000000000427000-memory.dmp

      Filesize

      156KB

      Download

    • memory/1436-55-0x0000000000400000-0x0000000000427000-memory.dmp

      Filesize

      156KB

      Download

    • memory/1436-61-0x0000000000400000-0x0000000000427000-memory.dmp

      Filesize

      156KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.