Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

1fb33425fc...64.exe

windows7-x64

5

1fb33425fc...64.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    91s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/10/2022, 00:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1fb33425fc382402c4a035d3e112034ccbaee97a9464c192d270c9698c32b064.exe

  • Size

    563KB

  • MD5

    0b14c281ea491533e4e3e5ba87e49c06

  • SHA1

    26ae8346f5766175eeb3598c918ce7b45d7fd0c7

  • SHA256

    1fb33425fc382402c4a035d3e112034ccbaee97a9464c192d270c9698c32b064

  • SHA512

    740a0ced76accf233507da7e729c4f78b68dba4a24898d19f3a716c7dc9c800e1302e4a76bbfb7c5b3b006b7ef5b076fa2f245e0385e11b742ccb8c4ee2cef52

  • SSDEEP

    12288:+UjRSRMmZnOblCW9K00yj8nesP+jZLrm20Exro8AYeGXcYuecsKMOsd:+UjRSR3BkcWgnes2jd3kFYp29MOq

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3092
      • C:\Users\Admin\AppData\Local\Temp\1fb33425fc382402c4a035d3e112034ccbaee97a9464c192d270c9698c32b064.exe
        "C:\Users\Admin\AppData\Local\Temp\1fb33425fc382402c4a035d3e112034ccbaee97a9464c192d270c9698c32b064.exe"
        2⤵
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:2168
        • C:\Users\Admin\AppData\Local\Temp\1fb33425fc382402c4a035d3e112034ccbaee97a9464c192d270c9698c32b064.exe
          C:\Users\Admin\AppData\Local\Temp\1fb33425fc382402c4a035d3e112034ccbaee97a9464c192d270c9698c32b064.exe
          3⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4928

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2168-132-0x0000000000400000-0x0000000000551000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2168-138-0x0000000000400000-0x0000000000551000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/3092-140-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

      Filesize

      28KB

      Download

    • memory/4928-134-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/4928-135-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/4928-139-0x0000000000400000-0x0000000000408960-memory.dmp

      Filesize

      34KB

      Download

    • memory/4928-141-0x0000000010000000-0x0000000010013000-memory.dmp

      Filesize

      76KB

      Download