Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

af326fe96e...f6.exe

windows7-x64

8

af326fe96e...f6.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    339s
  • max time network
    418s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/12/2022, 12:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    af326fe96e6fc4e362bec38c390f0ddf5d916f03c046c560b60ac9c22e285ef6.exe

  • Size

    475KB

  • MD5

    74b0d68077e1b458c18c2442d9446bb4

  • SHA1

    ce8f20daafe079bf7058b1f5d3066e2eb1408abc

  • SHA256

    af326fe96e6fc4e362bec38c390f0ddf5d916f03c046c560b60ac9c22e285ef6

  • SHA512

    4911f49dce1890a2688342b9a91dc0761159322f7998408afd5e709f35bac8c1ef3ae71939344d84e4fc068c5dff34a1e3ad218b92b3ba194b75c66a8bde3ec1

  • SSDEEP

    6144:K5fYH5EeQRFT7ZoizUP7mAbol4ol10WMJ1ELVyRjjJ0luhG1o6VyZWXyJnmYg:tQR17ZoiAbol9l1pawV6jj9uofQIq

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\af326fe96e6fc4e362bec38c390f0ddf5d916f03c046c560b60ac9c22e285ef6.exe
    "C:\Users\Admin\AppData\Local\Temp\af326fe96e6fc4e362bec38c390f0ddf5d916f03c046c560b60ac9c22e285ef6.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3648
    • C:\Users\Admin\AppData\Local\Temp\gssjucfwipgsbwk.exe
      "C:\Users\Admin\AppData\Local\Temp\\gssjucfwipgsbwk.exe"
      2⤵
      • Executes dropped EXE
      PID:1736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\gssjucfwipgsbwk.exe
    Filesize

    23KB

    MD5

    30ba07fb0e93c863ee537e16ed1b3400

    SHA1

    a6e26a6c6ffe99a61f85a22ca01a6e8dd805ecba

    SHA256

    e48a9282667eef3dd5ddb2129e6a533dd59796b4423c20c16a50125d37c99562

    SHA512

    2047cd5cb1c036f9a2dbf4131c9e559109e4fa59ee240b837c88116a3c47b4a40eccc98a2fa5f5a0d411d3e72727866a0988132a6698d929b0801e1107ed8682

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\gssjucfwipgsbwk.exe
    Filesize

    23KB

    MD5

    30ba07fb0e93c863ee537e16ed1b3400

    SHA1

    a6e26a6c6ffe99a61f85a22ca01a6e8dd805ecba

    SHA256

    e48a9282667eef3dd5ddb2129e6a533dd59796b4423c20c16a50125d37c99562

    SHA512

    2047cd5cb1c036f9a2dbf4131c9e559109e4fa59ee240b837c88116a3c47b4a40eccc98a2fa5f5a0d411d3e72727866a0988132a6698d929b0801e1107ed8682

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\parent.txt
    Filesize

    475KB

    MD5

    74b0d68077e1b458c18c2442d9446bb4

    SHA1

    ce8f20daafe079bf7058b1f5d3066e2eb1408abc

    SHA256

    af326fe96e6fc4e362bec38c390f0ddf5d916f03c046c560b60ac9c22e285ef6

    SHA512

    4911f49dce1890a2688342b9a91dc0761159322f7998408afd5e709f35bac8c1ef3ae71939344d84e4fc068c5dff34a1e3ad218b92b3ba194b75c66a8bde3ec1

    Download Submit

  • memory/1736-135-0x00007FFAF14C0000-0x00007FFAF1EF6000-memory.dmp

    Filesize

    10.2MB

    Download