Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

da90468328...6f.exe

windows7-x64

8

da90468328...6f.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    9s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    03/12/2022, 00:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    da9046832895a1dbec0bb8131264092038e61ee71714c50851f8562048211d6f.exe

  • Size

    149KB

  • MD5

    0e1a029cfa941315833e4ff9d29e0e1b

  • SHA1

    cb6a11c746f93ca2370cd4b66431b248c1db3603

  • SHA256

    da9046832895a1dbec0bb8131264092038e61ee71714c50851f8562048211d6f

  • SHA512

    99e3541bf8c25e96c64ed19a482a671a5cd6b7f9e2a0f1ad961fc2dbecdec11d81bbd751bcb55e1aec441588d20e64a59b5271ee410de8931e0de8a70579adbc

  • SSDEEP

    3072:VydJq5oyVzs+h0J65J0SpUlf6UkIRJem1XEOGbStOj3bFjx24OzY1:gW2+jUYE/E12cj3bb1

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\da9046832895a1dbec0bb8131264092038e61ee71714c50851f8562048211d6f.exe
    "C:\Users\Admin\AppData\Local\Temp\da9046832895a1dbec0bb8131264092038e61ee71714c50851f8562048211d6f.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1632
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Server.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Server.exe
      2⤵
      • Executes dropped EXE
      PID:1396
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Server.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Server.exe
      2⤵
      • Executes dropped EXE
      PID:1408

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Server.exe
    Filesize

    193KB

    MD5

    dbe4c857907d6cecc1771d8f7f3aacc9

    SHA1

    f207f629904ac04608a81f4fa15e9b7f63b159cc

    SHA256

    36ac3e98c21c3ec94e7ff4ee65b99544f4053c841c4ce31afdbaa2abf21dd36c

    SHA512

    b7043f9b0f98f5f4c55e0a8595e01a8d8052fd77c9f31a47785c421b576eb4a5072070c94b0b13a108d65e8fade1be6d9053c1a93105ed5b7285b073eaf87893

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Server.exe
    Filesize

    193KB

    MD5

    dbe4c857907d6cecc1771d8f7f3aacc9

    SHA1

    f207f629904ac04608a81f4fa15e9b7f63b159cc

    SHA256

    36ac3e98c21c3ec94e7ff4ee65b99544f4053c841c4ce31afdbaa2abf21dd36c

    SHA512

    b7043f9b0f98f5f4c55e0a8595e01a8d8052fd77c9f31a47785c421b576eb4a5072070c94b0b13a108d65e8fade1be6d9053c1a93105ed5b7285b073eaf87893

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP000.TMP\Server.exe
    Filesize

    193KB

    MD5

    dbe4c857907d6cecc1771d8f7f3aacc9

    SHA1

    f207f629904ac04608a81f4fa15e9b7f63b159cc

    SHA256

    36ac3e98c21c3ec94e7ff4ee65b99544f4053c841c4ce31afdbaa2abf21dd36c

    SHA512

    b7043f9b0f98f5f4c55e0a8595e01a8d8052fd77c9f31a47785c421b576eb4a5072070c94b0b13a108d65e8fade1be6d9053c1a93105ed5b7285b073eaf87893

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP000.TMP\Server.exe
    Filesize

    193KB

    MD5

    dbe4c857907d6cecc1771d8f7f3aacc9

    SHA1

    f207f629904ac04608a81f4fa15e9b7f63b159cc

    SHA256

    36ac3e98c21c3ec94e7ff4ee65b99544f4053c841c4ce31afdbaa2abf21dd36c

    SHA512

    b7043f9b0f98f5f4c55e0a8595e01a8d8052fd77c9f31a47785c421b576eb4a5072070c94b0b13a108d65e8fade1be6d9053c1a93105ed5b7285b073eaf87893

    Download Submit

  • memory/1396-57-0x0000000000400000-0x0000000000410400-memory.dmp

    Filesize

    65KB

    Download