Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

fe6015c260...ff.exe

windows7-x64

8

fe6015c260...ff.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    109s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    04/12/2022, 03:43 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fe6015c2605043211f6c1e3a18eef796f3f4339d7e337b020c5272817541e6ff.exe

  • Size

    273KB

  • MD5

    e2014d296f03f84f2a7ef0ef9f996243

  • SHA1

    77ef94ded67154b8b98543ec05408a6d14b10a2c

  • SHA256

    fe6015c2605043211f6c1e3a18eef796f3f4339d7e337b020c5272817541e6ff

  • SHA512

    ad9c89519d72992b0738a5a44b69f38ef5d47435f2d2f3cb8090cce03d696fc92ab31ad9d9b523fbc14b7cae57c42602664eb9862bc0a2f112cba1e0d825f99e

  • SSDEEP

    6144:wP3OASxV76Gts46GH67IHEMhWPYIwFWk8CtAgKxmTgdIPIAd:wPRJGa7fIc0usAhkgq

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fe6015c2605043211f6c1e3a18eef796f3f4339d7e337b020c5272817541e6ff.exe
    "C:\Users\Admin\AppData\Local\Temp\fe6015c2605043211f6c1e3a18eef796f3f4339d7e337b020c5272817541e6ff.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1620
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\uninstal.bat
      2⤵
      • Deletes itself
      PID:1516
  • C:\Windows\Exe
    C:\Windows\Exe
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Exe
    Filesize

    273KB

    MD5

    e2014d296f03f84f2a7ef0ef9f996243

    SHA1

    77ef94ded67154b8b98543ec05408a6d14b10a2c

    SHA256

    fe6015c2605043211f6c1e3a18eef796f3f4339d7e337b020c5272817541e6ff

    SHA512

    ad9c89519d72992b0738a5a44b69f38ef5d47435f2d2f3cb8090cce03d696fc92ab31ad9d9b523fbc14b7cae57c42602664eb9862bc0a2f112cba1e0d825f99e

    Download Submit

  • C:\Windows\Exe
    Filesize

    273KB

    MD5

    e2014d296f03f84f2a7ef0ef9f996243

    SHA1

    77ef94ded67154b8b98543ec05408a6d14b10a2c

    SHA256

    fe6015c2605043211f6c1e3a18eef796f3f4339d7e337b020c5272817541e6ff

    SHA512

    ad9c89519d72992b0738a5a44b69f38ef5d47435f2d2f3cb8090cce03d696fc92ab31ad9d9b523fbc14b7cae57c42602664eb9862bc0a2f112cba1e0d825f99e

    Download Submit

  • C:\Windows\uninstal.bat
    Filesize

    254B

    MD5

    c7ed4a8963ec9361e5c8c1e7f27f46ff

    SHA1

    afc9d3e6d6121948082a19ec786b43c61d1f8e03

    SHA256

    191677adff1a5f8f817880f66b29bad5b049195e31b60738a729e8e4c804c28d

    SHA512

    2811ad5029c62d504c4a22085b289d0bd1687e8bad9f347567785b9ceedfc7ee904cc0d79105b9d7ecc4aa101c5becc0c6ab89d6f5602c76a5f479b83c14cd48

    Download Submit

  • memory/1520-59-0x0000000000400000-0x00000000004CB011-memory.dmp

    Filesize

    812KB

    Download

  • memory/1620-54-0x0000000000400000-0x00000000004CB011-memory.dmp

    Filesize

    812KB

    Download

  • memory/1620-55-0x0000000075501000-0x0000000075503000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1620-61-0x0000000000400000-0x00000000004CB011-memory.dmp

    Filesize

    812KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.