Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

6782ba2bfd...9d.exe

windows7-x64

8

6782ba2bfd...9d.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    124s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/11/2022, 20:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6782ba2bfd2e449b8426aee68e72dfbd0991c5b66cc5f649c9fad83be9253f9d.exe

  • Size

    14.0MB

  • MD5

    e12238fc76b29eb30317212d9f41986b

  • SHA1

    5498a41f089770d55afd1b4247fcf3f6e5a6f806

  • SHA256

    6782ba2bfd2e449b8426aee68e72dfbd0991c5b66cc5f649c9fad83be9253f9d

  • SHA512

    36c8f593fd66b8a28843d403ec8494ccc863210c30417cb723a5a0d024d2164c66aaa63b969dacdb4c70b6d2f679dbdb2d1f4a4d1049d2926ba35e136f35d8ca

  • SSDEEP

    393216:WwumP+jlbByxkkBLQQ47HrUzRl1Bt4m+eyzncs:oZdU9BkQ4zr0l1z4sOn1

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6782ba2bfd2e449b8426aee68e72dfbd0991c5b66cc5f649c9fad83be9253f9d.exe
    "C:\Users\Admin\AppData\Local\Temp\6782ba2bfd2e449b8426aee68e72dfbd0991c5b66cc5f649c9fad83be9253f9d.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2324
    • C:\Users\Admin\AppData\Local\Temp\is-1II67.tmp\6782ba2bfd2e449b8426aee68e72dfbd0991c5b66cc5f649c9fad83be9253f9d.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-1II67.tmp\6782ba2bfd2e449b8426aee68e72dfbd0991c5b66cc5f649c9fad83be9253f9d.tmp" /SL5="$901C2,13976401,742912,C:\Users\Admin\AppData\Local\Temp\6782ba2bfd2e449b8426aee68e72dfbd0991c5b66cc5f649c9fad83be9253f9d.exe"
      2⤵
      • Executes dropped EXE
      PID:2640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-1II67.tmp\6782ba2bfd2e449b8426aee68e72dfbd0991c5b66cc5f649c9fad83be9253f9d.tmp
    Filesize

    2.4MB

    MD5

    728563602d503a6f2c7c9b8fbbcbeac3

    SHA1

    89d59ff64df72235a97bf4bb6dc3540cb472824a

    SHA256

    544c0c5adc6fe8a37fdd1de17315c53daf3316f4a7c389dd427adce76af6c281

    SHA512

    eb09f7463a3b537eec23195b6ea79ce0a0bfb16981a215639c7089fda2a83cafd1035e0d72d91c7eb8c2761c08f30541f770ee6a695818c372ac32667fb1cd7f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-1II67.tmp\6782ba2bfd2e449b8426aee68e72dfbd0991c5b66cc5f649c9fad83be9253f9d.tmp
    Filesize

    2.4MB

    MD5

    728563602d503a6f2c7c9b8fbbcbeac3

    SHA1

    89d59ff64df72235a97bf4bb6dc3540cb472824a

    SHA256

    544c0c5adc6fe8a37fdd1de17315c53daf3316f4a7c389dd427adce76af6c281

    SHA512

    eb09f7463a3b537eec23195b6ea79ce0a0bfb16981a215639c7089fda2a83cafd1035e0d72d91c7eb8c2761c08f30541f770ee6a695818c372ac32667fb1cd7f

    Download Submit

  • memory/2324-132-0x0000000000400000-0x00000000004C3000-memory.dmp

    Filesize

    780KB

    Download

  • memory/2324-137-0x0000000000400000-0x00000000004C3000-memory.dmp

    Filesize

    780KB

    Download