Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

f62bcadaed...c8.exe

windows7-x64

8

f62bcadaed...c8.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    113s
  • max time network
    42s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/10/2022, 04:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f62bcadaedf5b3873403285e4bb2ae4f2e9317bbf451092887a2ce764aa471c8.exe

  • Size

    527KB

  • MD5

    2b6eff092e8518aa403af27e8d6d9d5a

  • SHA1

    99fcc5a3265e360a06de6d28178ec329e64ae9bb

  • SHA256

    f62bcadaedf5b3873403285e4bb2ae4f2e9317bbf451092887a2ce764aa471c8

  • SHA512

    32f4a70de7a6622ba0754cd6637d4c41fa7b7884ba09bb64e6a5aff312ef3a88d1d68845cdefac080442c5a9ab2f32122da7fd1134f793f4bf11d967e7f792e0

  • SSDEEP

    12288:66Qyvm2k13fTROP79spStzeL5OaGbqPraNc1Gxyib1Qk0:6Omfr8P79spS8IaSqj2xd2f

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f62bcadaedf5b3873403285e4bb2ae4f2e9317bbf451092887a2ce764aa471c8.exe
    "C:\Users\Admin\AppData\Local\Temp\f62bcadaedf5b3873403285e4bb2ae4f2e9317bbf451092887a2ce764aa471c8.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3276
    • C:\Users\Admin\AppData\Local\Temp\~DFA24C.tmp
      C:\Users\Admin\AppData\Local\Temp\~DFA24C.tmp OK
      2⤵
      • Executes dropped EXE
      PID:5092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\~DFA24C.tmp
    Filesize

    24KB

    MD5

    5fe0f176f2721de94e9450f6f21c512b

    SHA1

    a58cb6ddac6a860cebed09049f496e3ab46d0814

    SHA256

    e33f656e047a7ae51f5634aacdf6db07c229d92a834694a2e7a933e5cd6f3ac5

    SHA512

    71f30b826fa453b90c9e0363e0e296aa48281c723ac2ba6f4e07632bbf4959f619e152a7a9b66e74d4d952548fd8d3de62d732e4b6ca2752e28df161b35e637a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~DFA24C.tmp
    Filesize

    16KB

    MD5

    d8c60972074b4a09eccb6a470962c765

    SHA1

    c8672fc322f530cd2d11f35be56c105dd8467d06

    SHA256

    c628c5529d96e3d286a9e239f21a64474d7aa4dde9184d3c5e93983f1ef89aa8

    SHA512

    ec87451704740009d5826d2ba63997f38718c7bff591402a9de277e72c4169540c4f9d188fc5f4f7c078c2832d5f8dda2d025f566be1b8e88787ce7565a15ddf

    Download Submit

  • memory/3276-132-0x0000000000350000-0x00000000003F7000-memory.dmp

    Filesize

    668KB

    Download

  • memory/3276-137-0x0000000000350000-0x00000000003F7000-memory.dmp

    Filesize

    668KB

    Download

  • memory/5092-136-0x0000000000A00000-0x0000000000AA7000-memory.dmp

    Filesize

    668KB

    Download

  • memory/5092-138-0x0000000000A00000-0x0000000000AA7000-memory.dmp

    Filesize

    668KB

    Download