Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

5238fc6bf3...9d.exe

windows7-x64

8

5238fc6bf3...9d.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    45s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    25/10/2022, 03:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5238fc6bf3af2fc3b88d102c4f4cf99d.exe

  • Size

    5.5MB

  • MD5

    5238fc6bf3af2fc3b88d102c4f4cf99d

  • SHA1

    7c53d7e2294b99d13987207e6649679239c1b7db

  • SHA256

    fdb421f4a654a5c34a0ac53fe5b8034076d294c846f6df5c645ca102b6f4caf0

  • SHA512

    15ced287df98da57549848983785925c18fadd2bd5033afe26c1b95a811f3f51bfd09da80ef8c829cb061d240cc21ef936d0105f72ca0afb7427b172026dfd96

  • SSDEEP

    98304:0kLbDnTP0AenE1XFbFqvb9/vJtkh7dAy9QdB4BC+4fo8os9YYHo9ty55lji:DbzTP0ZEdwbV50aB4hjYIjkn+

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5238fc6bf3af2fc3b88d102c4f4cf99d.exe
    "C:\Users\Admin\AppData\Local\Temp\5238fc6bf3af2fc3b88d102c4f4cf99d.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1764
    • C:\Users\Admin\AppData\Local\Temp\is-JJ6UJ.tmp\5238fc6bf3af2fc3b88d102c4f4cf99d.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-JJ6UJ.tmp\5238fc6bf3af2fc3b88d102c4f4cf99d.tmp" /SL5="$60126,4926658,832512,C:\Users\Admin\AppData\Local\Temp\5238fc6bf3af2fc3b88d102c4f4cf99d.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-JJ6UJ.tmp\5238fc6bf3af2fc3b88d102c4f4cf99d.tmp
    Filesize

    3.0MB

    MD5

    a2c2a94b03a9313cc500f34e8e888814

    SHA1

    7d9bb44259d6eca9e6d77dbf92919ea17271e418

    SHA256

    4c9c6946f0ef4762738534176978db1ad3b8b90ad4f247bc77fc389550f0fa3d

    SHA512

    d5fde5abf118d79c77e406cf33c8ab69d88ad1bfae5be953a6a211654ede90bccd0fc5ef67d566bc38b31889065dec26436a834f5ec1bde0b60cb91bcbbe336d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-JJ6UJ.tmp\5238fc6bf3af2fc3b88d102c4f4cf99d.tmp
    Filesize

    3.0MB

    MD5

    a2c2a94b03a9313cc500f34e8e888814

    SHA1

    7d9bb44259d6eca9e6d77dbf92919ea17271e418

    SHA256

    4c9c6946f0ef4762738534176978db1ad3b8b90ad4f247bc77fc389550f0fa3d

    SHA512

    d5fde5abf118d79c77e406cf33c8ab69d88ad1bfae5be953a6a211654ede90bccd0fc5ef67d566bc38b31889065dec26436a834f5ec1bde0b60cb91bcbbe336d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-LVFHI.tmp\valom.dll
    Filesize

    284KB

    MD5

    da1d7a4aa733808a325c1f391fcb929d

    SHA1

    d1c897aaf9dd98e485ea3ecae824df6c44a56b52

    SHA256

    04900720fee885508357a6149de6905cf9e077baaede0eb54301ec33c243e542

    SHA512

    9a58395b31441ab29e56688f488911c9dba50eaf9fbf03b6d012c648e5436f4643148a03a26aa14e5789af78ca4e0ac9c4de7c9981136517b356c69581d79682

    Download Submit

  • memory/1764-54-0x0000000075BA1000-0x0000000075BA3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1764-55-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/1764-62-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/1764-63-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download