Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

f62bcadaed...c8.exe

windows7-x64

8

f62bcadaed...c8.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    43s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    29/10/2022, 04:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f62bcadaedf5b3873403285e4bb2ae4f2e9317bbf451092887a2ce764aa471c8.exe

  • Size

    527KB

  • MD5

    2b6eff092e8518aa403af27e8d6d9d5a

  • SHA1

    99fcc5a3265e360a06de6d28178ec329e64ae9bb

  • SHA256

    f62bcadaedf5b3873403285e4bb2ae4f2e9317bbf451092887a2ce764aa471c8

  • SHA512

    32f4a70de7a6622ba0754cd6637d4c41fa7b7884ba09bb64e6a5aff312ef3a88d1d68845cdefac080442c5a9ab2f32122da7fd1134f793f4bf11d967e7f792e0

  • SSDEEP

    12288:66Qyvm2k13fTROP79spStzeL5OaGbqPraNc1Gxyib1Qk0:6Omfr8P79spS8IaSqj2xd2f

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f62bcadaedf5b3873403285e4bb2ae4f2e9317bbf451092887a2ce764aa471c8.exe
    "C:\Users\Admin\AppData\Local\Temp\f62bcadaedf5b3873403285e4bb2ae4f2e9317bbf451092887a2ce764aa471c8.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Users\Admin\AppData\Local\Temp\~DFA7A.tmp
      C:\Users\Admin\AppData\Local\Temp\~DFA7A.tmp OK
      2⤵
      • Executes dropped EXE
      PID:1760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\~DFA7A.tmp
    Filesize

    34KB

    MD5

    6fb92c916233cb339c54f369d9a0dd02

    SHA1

    0ac4171426bcc9b4621958a6273fa3bae81ea610

    SHA256

    3e7efba4c0c399ecc57a440cec21140b8991b398614d74f88a24511152d56209

    SHA512

    9a45d80163456742f520686c729c09d1916682c2d31ec8f46d28141649e9cc00143f1e01242484a3eb7e8533f237a1ff00b9884fddc7e3caada9935312767486

    Download Submit

  • \Users\Admin\AppData\Local\Temp\~DFA7A.tmp
    Filesize

    24KB

    MD5

    03b8fb0b6ebd9034e11456129eda4557

    SHA1

    7e85156cd96c1f47cbcd94cfd5170aff7e14ec5e

    SHA256

    861c3fcb3f8c588c3711ea0dfe0cd4212e1cf20db084bab179ee84f5390fd050

    SHA512

    a095a832bd286bedc80aa36bc4c70af84dda660ad7d59d676f76425facc62749fc18bae3c1a219302ddca1e6223878fe5a55dce3bc8f8150af014f547a5c63a8

    Download Submit

  • memory/1760-61-0x0000000001220000-0x00000000012C7000-memory.dmp

    Filesize

    668KB

    Download

  • memory/1760-63-0x0000000001220000-0x00000000012C7000-memory.dmp

    Filesize

    668KB

    Download

  • memory/2044-54-0x0000000075501000-0x0000000075503000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2044-55-0x0000000000150000-0x00000000001F7000-memory.dmp

    Filesize

    668KB

    Download

  • memory/2044-60-0x0000000002010000-0x00000000020B7000-memory.dmp

    Filesize

    668KB

    Download

  • memory/2044-62-0x0000000000150000-0x00000000001F7000-memory.dmp

    Filesize

    668KB

    Download