Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

95eca2e567...7c.exe

windows7-x64

8

95eca2e567...7c.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    38s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    20/10/2022, 18:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    95eca2e567da42587bb9a61e977a5b9be6d35802bcc7ec54d3b8a6db42bd697c.exe

  • Size

    12.7MB

  • MD5

    f246158cf60523a6481089c8f96d091a

  • SHA1

    9d6aa1a72bf6cdb6e112e33d8c97c6555d57146b

  • SHA256

    95eca2e567da42587bb9a61e977a5b9be6d35802bcc7ec54d3b8a6db42bd697c

  • SHA512

    c004f6b763c475cf7cc5d660fcfa15d2e9dc1961aaad0d056c85ae7556d86528afe206e4b642bf3de9d3c5b5b0ba22864d832635cb275337b138d0261e1a2986

  • SSDEEP

    393216:usw0IpL7nHq43isshFDFV3aS2Z/48Wpez6:4rp3KzThHV3iZw8WpE6

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\95eca2e567da42587bb9a61e977a5b9be6d35802bcc7ec54d3b8a6db42bd697c.exe
    "C:\Users\Admin\AppData\Local\Temp\95eca2e567da42587bb9a61e977a5b9be6d35802bcc7ec54d3b8a6db42bd697c.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1760
    • C:\Users\Admin\AppData\Local\Temp\is-2N8VO.tmp\95eca2e567da42587bb9a61e977a5b9be6d35802bcc7ec54d3b8a6db42bd697c.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-2N8VO.tmp\95eca2e567da42587bb9a61e977a5b9be6d35802bcc7ec54d3b8a6db42bd697c.tmp" /SL5="$80022,13057270,87040,C:\Users\Admin\AppData\Local\Temp\95eca2e567da42587bb9a61e977a5b9be6d35802bcc7ec54d3b8a6db42bd697c.exe"
      2⤵
      • Executes dropped EXE
      PID:1316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-2N8VO.tmp\95eca2e567da42587bb9a61e977a5b9be6d35802bcc7ec54d3b8a6db42bd697c.tmp
    Filesize

    734KB

    MD5

    10934c830465eeb4aa6a3c60dc8d45d6

    SHA1

    447c754f5097c7717c028102736734a99ac67eef

    SHA256

    45f465fa3b6f8ac516aa97e7d8d1fd4dd147de5de24077281512b01ae423d625

    SHA512

    d04a375ab5a510856a63f2f4a7c894de8dd419d68b85880a45b9ca497b1b5b2349570a57b5eca2bdcfae73d7c1fbeba75b925f903edb5adc730db4172eac4afd

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-2N8VO.tmp\95eca2e567da42587bb9a61e977a5b9be6d35802bcc7ec54d3b8a6db42bd697c.tmp
    Filesize

    734KB

    MD5

    10934c830465eeb4aa6a3c60dc8d45d6

    SHA1

    447c754f5097c7717c028102736734a99ac67eef

    SHA256

    45f465fa3b6f8ac516aa97e7d8d1fd4dd147de5de24077281512b01ae423d625

    SHA512

    d04a375ab5a510856a63f2f4a7c894de8dd419d68b85880a45b9ca497b1b5b2349570a57b5eca2bdcfae73d7c1fbeba75b925f903edb5adc730db4172eac4afd

    Download Submit

  • memory/1760-54-0x0000000075931000-0x0000000075933000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1760-55-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/1760-61-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download