Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

da90468328...6f.exe

windows7-x64

8

da90468328...6f.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    9s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    03/12/2022, 00:34 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    da9046832895a1dbec0bb8131264092038e61ee71714c50851f8562048211d6f.exe

  • Size

    149KB

  • MD5

    0e1a029cfa941315833e4ff9d29e0e1b

  • SHA1

    cb6a11c746f93ca2370cd4b66431b248c1db3603

  • SHA256

    da9046832895a1dbec0bb8131264092038e61ee71714c50851f8562048211d6f

  • SHA512

    99e3541bf8c25e96c64ed19a482a671a5cd6b7f9e2a0f1ad961fc2dbecdec11d81bbd751bcb55e1aec441588d20e64a59b5271ee410de8931e0de8a70579adbc

  • SSDEEP

    3072:VydJq5oyVzs+h0J65J0SpUlf6UkIRJem1XEOGbStOj3bFjx24OzY1:gW2+jUYE/E12cj3bb1

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\da9046832895a1dbec0bb8131264092038e61ee71714c50851f8562048211d6f.exe
    "C:\Users\Admin\AppData\Local\Temp\da9046832895a1dbec0bb8131264092038e61ee71714c50851f8562048211d6f.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1632
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Server.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Server.exe
      2⤵
      • Executes dropped EXE
      PID:1396
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Server.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Server.exe
      2⤵
      • Executes dropped EXE
      PID:1408

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Server.exe
    Filesize

    193KB

    MD5

    dbe4c857907d6cecc1771d8f7f3aacc9

    SHA1

    f207f629904ac04608a81f4fa15e9b7f63b159cc

    SHA256

    36ac3e98c21c3ec94e7ff4ee65b99544f4053c841c4ce31afdbaa2abf21dd36c

    SHA512

    b7043f9b0f98f5f4c55e0a8595e01a8d8052fd77c9f31a47785c421b576eb4a5072070c94b0b13a108d65e8fade1be6d9053c1a93105ed5b7285b073eaf87893

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Server.exe
    Filesize

    193KB

    MD5

    dbe4c857907d6cecc1771d8f7f3aacc9

    SHA1

    f207f629904ac04608a81f4fa15e9b7f63b159cc

    SHA256

    36ac3e98c21c3ec94e7ff4ee65b99544f4053c841c4ce31afdbaa2abf21dd36c

    SHA512

    b7043f9b0f98f5f4c55e0a8595e01a8d8052fd77c9f31a47785c421b576eb4a5072070c94b0b13a108d65e8fade1be6d9053c1a93105ed5b7285b073eaf87893

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP000.TMP\Server.exe
    Filesize

    193KB

    MD5

    dbe4c857907d6cecc1771d8f7f3aacc9

    SHA1

    f207f629904ac04608a81f4fa15e9b7f63b159cc

    SHA256

    36ac3e98c21c3ec94e7ff4ee65b99544f4053c841c4ce31afdbaa2abf21dd36c

    SHA512

    b7043f9b0f98f5f4c55e0a8595e01a8d8052fd77c9f31a47785c421b576eb4a5072070c94b0b13a108d65e8fade1be6d9053c1a93105ed5b7285b073eaf87893

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP000.TMP\Server.exe
    Filesize

    193KB

    MD5

    dbe4c857907d6cecc1771d8f7f3aacc9

    SHA1

    f207f629904ac04608a81f4fa15e9b7f63b159cc

    SHA256

    36ac3e98c21c3ec94e7ff4ee65b99544f4053c841c4ce31afdbaa2abf21dd36c

    SHA512

    b7043f9b0f98f5f4c55e0a8595e01a8d8052fd77c9f31a47785c421b576eb4a5072070c94b0b13a108d65e8fade1be6d9053c1a93105ed5b7285b073eaf87893

    Download Submit

  • memory/1396-57-0x0000000000400000-0x0000000000410400-memory.dmp

    Filesize

    65KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.