Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

2ec939f3eb...7c.exe

windows7-x64

8

2ec939f3eb...7c.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    21s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    29/10/2022, 05:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2ec939f3eb00b8da1a467266a404eb8c4e548737bafc51833170ae8e6cfd117c.exe

  • Size

    297KB

  • MD5

    bb924260c76f4acddd9ec599c6970dbe

  • SHA1

    d2d881391225f4d49c6547c5df7787362a82fe4b

  • SHA256

    2ec939f3eb00b8da1a467266a404eb8c4e548737bafc51833170ae8e6cfd117c

  • SHA512

    64f7bd9239160ed23c8dc42a984fe09ff6abd723d69362008247ddce8ab9563205825387b6fe177864831c00a324ffdfe1c67ee752e3e5e057002d66e413773e

  • SSDEEP

    6144:y2DGpqyd3oxcdzgjcufgM7e3lSQtX0PoOKEtq70uHRinFBqLTabu0qZwbS:5D+u+gjcufWlvSoOKEtY/xUBqLSxqZw+

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2ec939f3eb00b8da1a467266a404eb8c4e548737bafc51833170ae8e6cfd117c.exe
    "C:\Users\Admin\AppData\Local\Temp\2ec939f3eb00b8da1a467266a404eb8c4e548737bafc51833170ae8e6cfd117c.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1632
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmpa3e9f637.bat"
      2⤵
        PID:588
      • C:\Users\Admin\AppData\Roaming\Tuvubo\hypo.exe
        "C:\Users\Admin\AppData\Roaming\Tuvubo\hypo.exe"
        2⤵
        • Executes dropped EXE
        • Suspicious use of UnmapMainImage
        PID:960

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\tmpa3e9f637.bat
      Filesize

      307B

      MD5

      5a919cdb15cea78dafc741675148eb29

      SHA1

      648b064cf7f6885b00f7ae68ca25acb27f1aa825

      SHA256

      e0f62f3f6015ec87b64e47dfae39550b238a229888f0c2321513395948a0c347

      SHA512

      1f018afe3304807074fe05d9239ac078c682c3235975dbe96362d38d68b5449d32c27afcf2ee51eac2063abba2e75ca69d7f92e1dd5aae4086cd79f65040f042

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Tuvubo\hypo.exe
      Filesize

      17KB

      MD5

      0bce9566944bf7e9c18dcc02d67d4e0d

      SHA1

      edfcf8f3de506d689d0ca84bcf0e7cfe0ab9f6b4

      SHA256

      19e98ea86144fe13434368bd5b1cab19b73930908bb48587a3a9aef46a91ab48

      SHA512

      15310f63ac7e5ef125257d03fbcf87eaebe6de5da1d96235a12843a20499347e696393126f8b8f4e1ba7361752280bf9211664b82f12be1598af75037929d8e3

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Tuvubo\hypo.exe
      Filesize

      3KB

      MD5

      feebe7d6cecc8085e8ecfaac3c151005

      SHA1

      a36a26fb0289d7f153497c95ffd3dce9f883ad5a

      SHA256

      824cc19ed199a351c844bbcfc12a7b18bda4ec0942bb84da2ec4a5a69bd61978

      SHA512

      9af1b1cccd53bf32aa561956cf53b0629d1df7c3f20612dad75b9c8f836a9af8446712f0eb9fdda96dc4e5b764e8e83e3c46498ea6322fd8ad03a3d7bd8cc33a

      Download Submit

    • \Users\Admin\AppData\Roaming\Tuvubo\hypo.exe
      Filesize

      28KB

      MD5

      f0eb766cd9c06c4b65aa65231f415c8e

      SHA1

      e54a8690c943d1a623a4eaeee2ce9289a96dc876

      SHA256

      f649cf51c28f268a770025ccc29edb76e696f890d0072a32675cdbc9a3639cff

      SHA512

      661ac16951e3841979d2be1ed7c7fd125ad19e1c87fcb93176b8172ba63022765a4344cb954305f3eb6d2221c706d2d4eb04552d55f1d5c179a8acdb9c1407e0

      Download Submit

    • \Users\Admin\AppData\Roaming\Tuvubo\hypo.exe
      Filesize

      1KB

      MD5

      ce5303f897b2724ceb794f7e6cec0bd9

      SHA1

      8cef517fdb834009f80d2133ad9b27a093b9a3f5

      SHA256

      4f251ce035a27880999889f47c12ad26536339e7edee7e6127df55915249f302

      SHA512

      f16be66dc798b066173c7752f58ce1e68aaa92c0cdc3e5e714595b37bc62131434492416a144824eee6d66a2c6e46ca062527fc9bd0ddc7cc45ea1bc3663d275

      Download Submit

    • memory/588-102-0x0000000000050000-0x0000000000092000-memory.dmp

      Filesize

      264KB

      Download

    • memory/588-94-0x0000000000050000-0x0000000000092000-memory.dmp

      Filesize

      264KB

      Download

    • memory/588-91-0x0000000000050000-0x0000000000092000-memory.dmp

      Filesize

      264KB

      Download

    • memory/588-93-0x0000000000050000-0x0000000000092000-memory.dmp

      Filesize

      264KB

      Download

    • memory/588-95-0x0000000000050000-0x0000000000092000-memory.dmp

      Filesize

      264KB

      Download

    • memory/960-105-0x0000000000400000-0x0000000000450000-memory.dmp

      Filesize

      320KB

      Download

    • memory/960-104-0x0000000000380000-0x00000000003D0000-memory.dmp

      Filesize

      320KB

      Download

    • memory/960-103-0x0000000000300000-0x0000000000342000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1128-70-0x0000000001ED0000-0x0000000001F12000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1128-69-0x0000000001ED0000-0x0000000001F12000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1128-65-0x0000000001ED0000-0x0000000001F12000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1128-68-0x0000000001ED0000-0x0000000001F12000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1128-67-0x0000000001ED0000-0x0000000001F12000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1188-73-0x0000000000130000-0x0000000000172000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1188-75-0x0000000000130000-0x0000000000172000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1188-76-0x0000000000130000-0x0000000000172000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1188-74-0x0000000000130000-0x0000000000172000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1216-82-0x0000000002A90000-0x0000000002AD2000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1216-79-0x0000000002A90000-0x0000000002AD2000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1216-80-0x0000000002A90000-0x0000000002AD2000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1216-81-0x0000000002A90000-0x0000000002AD2000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1632-86-0x00000000022B0000-0x00000000022F2000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1632-97-0x00000000002D0000-0x0000000000320000-memory.dmp

      Filesize

      320KB

      Download

    • memory/1632-98-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1632-99-0x00000000022B0000-0x00000000022F2000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1632-85-0x00000000022B0000-0x00000000022F2000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1632-54-0x0000000076091000-0x0000000076093000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1632-87-0x00000000022B0000-0x00000000022F2000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1632-88-0x00000000022B0000-0x00000000022F2000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1632-57-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1632-56-0x00000000002D0000-0x0000000000320000-memory.dmp

      Filesize

      320KB

      Download

    • memory/1632-55-0x0000000000270000-0x00000000002B2000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1632-58-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

      Download