Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

0db9bb7b7b...fe.exe

windows7-x64

8

0db9bb7b7b...fe.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    43s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    28/11/2022, 02:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0db9bb7b7bc520b7b85e2529246f40a8ecea63fdb96d25914e858082282f71fe.exe

  • Size

    3.2MB

  • MD5

    35ce705c3e17e7e699140f585bb511d1

  • SHA1

    86e7c53522280c4535971a0b15d19d593871ff16

  • SHA256

    0db9bb7b7bc520b7b85e2529246f40a8ecea63fdb96d25914e858082282f71fe

  • SHA512

    0e138b135d76e23d1389e04bb8b62782cabada43af3b8fe693a78c7d974cd99bf0cdfc4334d0718c8acb81b1e2c08ed40ddcae90ce010e2d0763309c2b7e05b8

  • SSDEEP

    98304:bIsZK9ywqjKauEGpFcn9M1uzuZyHiDw5GoOG2T:kscgeEH9M1KukHiD9oON

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0db9bb7b7bc520b7b85e2529246f40a8ecea63fdb96d25914e858082282f71fe.exe
    "C:\Users\Admin\AppData\Local\Temp\0db9bb7b7bc520b7b85e2529246f40a8ecea63fdb96d25914e858082282f71fe.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1196
    • C:\Users\Admin\AppData\Local\Temp\is-7K8HJ.tmp\0db9bb7b7bc520b7b85e2529246f40a8ecea63fdb96d25914e858082282f71fe.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-7K8HJ.tmp\0db9bb7b7bc520b7b85e2529246f40a8ecea63fdb96d25914e858082282f71fe.tmp" /SL5="$60124,2966055,59392,C:\Users\Admin\AppData\Local\Temp\0db9bb7b7bc520b7b85e2529246f40a8ecea63fdb96d25914e858082282f71fe.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-7K8HJ.tmp\0db9bb7b7bc520b7b85e2529246f40a8ecea63fdb96d25914e858082282f71fe.tmp
    Filesize

    707KB

    MD5

    6a729494be0848daf9b8cb512fe1c1e2

    SHA1

    3375fed20d3bf90d160fb8e7aaf518adfd499fdb

    SHA256

    826b4eaf82bf4fd553b1a0682e8e0e526094133560a01b99f29bc3f7ccc91979

    SHA512

    2f30ee4210ec3fd31a8f5934c3bd747587a0082f759fc6361af1516c43120f26da1e888ed5fafc6ce76ae2e1e2adaf5398c6801696d68e31b6f223ed1bfac108

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-7K8HJ.tmp\0db9bb7b7bc520b7b85e2529246f40a8ecea63fdb96d25914e858082282f71fe.tmp
    Filesize

    707KB

    MD5

    6a729494be0848daf9b8cb512fe1c1e2

    SHA1

    3375fed20d3bf90d160fb8e7aaf518adfd499fdb

    SHA256

    826b4eaf82bf4fd553b1a0682e8e0e526094133560a01b99f29bc3f7ccc91979

    SHA512

    2f30ee4210ec3fd31a8f5934c3bd747587a0082f759fc6361af1516c43120f26da1e888ed5fafc6ce76ae2e1e2adaf5398c6801696d68e31b6f223ed1bfac108

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-GVT40.tmp\_isetup\_isdecmp.dll
    Filesize

    23KB

    MD5

    77d6d961f71a8c558513bed6fd0ad6f1

    SHA1

    122bb9ed6704b72250e4e31b5d5fc2f0476c4b6a

    SHA256

    5da7c8d33d3b7db46277012d92875c0b850c8abf1eb3c8c9c5b9532089a0bcf0

    SHA512

    b0921e2442b4cdec8cc479ba3751a01c0646a4804e2f4a5d5632fa2dbf54cc45d4cccffa4d5b522d42afc2f6a622e07882ed7e663c8462333b082e82503f335a

    Download Submit

  • memory/1196-54-0x0000000075D01000-0x0000000075D03000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1196-55-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/1196-62-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download