Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

415cf23337...5e.exe

windows7-x64

8

415cf23337...5e.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    03/10/2022, 02:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    415cf2333734857def103f8f15de3091bd115454b787c118aabd763b6d3d125e.exe

  • Size

    32KB

  • MD5

    325fffeb14c48b7bc8a680b640307682

  • SHA1

    a86d2020661fc3c98fa43a9578aad227311453cb

  • SHA256

    415cf2333734857def103f8f15de3091bd115454b787c118aabd763b6d3d125e

  • SHA512

    b91b9f38fb2a2e79a5252a22710d83742f39595b1666c80fc29624452756ad4e2856cb805cbbad58cda28ad38261d4de64ba1da67728ccfd762405feece82737

  • SSDEEP

    768:c6R9xrFXHDnwZUszq0hRX6cmO1Sg5sX3M0sXn:c67xr5HDwZUARXV/SHM0c

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\415cf2333734857def103f8f15de3091bd115454b787c118aabd763b6d3d125e.exe
    "C:\Users\Admin\AppData\Local\Temp\415cf2333734857def103f8f15de3091bd115454b787c118aabd763b6d3d125e.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1724
    • C:\Users\Admin\AppData\Local\Temp\pixeldays.exe
      C:\Users\Admin\AppData\Local\Temp\pixeldays.exe
      2⤵
      • Executes dropped EXE
      • Deletes itself
      PID:2036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\pixeldays.exe
    Filesize

    32KB

    MD5

    ff406b7c8b2cd800531da9be16e7e763

    SHA1

    0c138e35a2c1be8adc0267ec0b5e6300280a0014

    SHA256

    a188f95bb3713e3ad120da896a433f9b7db027819c5cfc27f6f1e3c0e94a8636

    SHA512

    f306f9177f15bc219f53fcc1e5339530558ed5c381e168880b73c5176d25d0b738d097a84160c1bf2eb84f481d61551cf193a14c27d129aafa1ebcad797b2156

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\pixeldays.exe
    Filesize

    32KB

    MD5

    ff406b7c8b2cd800531da9be16e7e763

    SHA1

    0c138e35a2c1be8adc0267ec0b5e6300280a0014

    SHA256

    a188f95bb3713e3ad120da896a433f9b7db027819c5cfc27f6f1e3c0e94a8636

    SHA512

    f306f9177f15bc219f53fcc1e5339530558ed5c381e168880b73c5176d25d0b738d097a84160c1bf2eb84f481d61551cf193a14c27d129aafa1ebcad797b2156

    Download Submit

  • \Users\Admin\AppData\Local\Temp\pixeldays.exe
    Filesize

    32KB

    MD5

    ff406b7c8b2cd800531da9be16e7e763

    SHA1

    0c138e35a2c1be8adc0267ec0b5e6300280a0014

    SHA256

    a188f95bb3713e3ad120da896a433f9b7db027819c5cfc27f6f1e3c0e94a8636

    SHA512

    f306f9177f15bc219f53fcc1e5339530558ed5c381e168880b73c5176d25d0b738d097a84160c1bf2eb84f481d61551cf193a14c27d129aafa1ebcad797b2156

    Download Submit

  • memory/1724-57-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2036-59-0x0000000074B51000-0x0000000074B53000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2036-60-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download