Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

596971f593...89.exe

windows7-x64

1

596971f593...89.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    137s
  • max time network
    168s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/11/2022, 07:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    596971f593712f10bc473774e0b2ef1adfb0bf15f875cf85f427596fdda37889.exe

  • Size

    526KB

  • MD5

    b1a04179686fdfd74e537e33115a5713

  • SHA1

    e15df1c43874449c3bd3dd8f408545afac0739b2

  • SHA256

    596971f593712f10bc473774e0b2ef1adfb0bf15f875cf85f427596fdda37889

  • SHA512

    eb8c9f422c6659b766aa51f712e75a29ad19631ff51dac439d90ea5da77836be660dfd15edfc5bc4612e537ffdf27fefe13c425c9914cb65bdabeaae3ce14478

  • SSDEEP

    12288:Bk/aWTYcZhRyHiFIloDzxo4xUupSMrFCsNEfF4SdM:Bk//YcdytlUG4quouFCsNaHdM

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\596971f593712f10bc473774e0b2ef1adfb0bf15f875cf85f427596fdda37889.exe
    "C:\Users\Admin\AppData\Local\Temp\596971f593712f10bc473774e0b2ef1adfb0bf15f875cf85f427596fdda37889.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2940
    • C:\Users\Admin\AppData\Local\Temp\596971f593712f10bc473774e0b2ef1adfb0bf15f875cf85f427596fdda37889.exe
      start
      2⤵
        PID:3528
      • C:\Users\Admin\AppData\Local\Temp\596971f593712f10bc473774e0b2ef1adfb0bf15f875cf85f427596fdda37889.exe
        watch
        2⤵
          PID:1312

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1312-137-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download

      • memory/1312-139-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download

      • memory/1312-141-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download

      • memory/2940-132-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download

      • memory/2940-133-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download

      • memory/2940-136-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download

      • memory/3528-138-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download

      • memory/3528-140-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download