Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

711f7f29ce...2d.exe

windows7-x64

7

711f7f29ce...2d.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    19s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    05/12/2022, 13:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    711f7f29ce32f5e67880577d240c38b39f30cabe084c5dd29e39169b74e50d2d.exe

  • Size

    62KB

  • MD5

    701d52c18945c7191b7cacea1d8c1c05

  • SHA1

    b8f560dcc9abb1861cd7fdf6771cb8dbb01c5041

  • SHA256

    711f7f29ce32f5e67880577d240c38b39f30cabe084c5dd29e39169b74e50d2d

  • SHA512

    1e0a640275f62f73fe17ffe72b8c864228741a822a5dc9e196205e14607df457e6b33e0d47737b6499a66425475ba6d6302daa85609340c42a22cfcfd97f524c

  • SSDEEP

    1536:E25b7AbekJQ2dfh+6TE7MWwP5GuqhcJ3YXju:l5bci6pJTE7U5GuqhcJ3Yzu

Score
7/10

Malware Config

Signatures

  • Drops startup file 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1220
      • C:\Users\Admin\AppData\Local\Temp\711f7f29ce32f5e67880577d240c38b39f30cabe084c5dd29e39169b74e50d2d.exe
        "C:\Users\Admin\AppData\Local\Temp\711f7f29ce32f5e67880577d240c38b39f30cabe084c5dd29e39169b74e50d2d.exe"
        2⤵
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:564
        • C:\Users\Admin\AppData\Local\Temp\711f7f29ce32f5e67880577d240c38b39f30cabe084c5dd29e39169b74e50d2d.exe
          "C:\Users\Admin\AppData\Local\Temp\711f7f29ce32f5e67880577d240c38b39f30cabe084c5dd29e39169b74e50d2d.exe"
          3⤵
          • Drops startup file
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:280

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/280-58-0x0000000000400000-0x0000000000406000-memory.dmp

      Filesize

      24KB

      Download

    • memory/280-62-0x0000000000400000-0x0000000000406000-memory.dmp

      Filesize

      24KB

      Download

    • memory/280-65-0x0000000000400000-0x0000000000406000-memory.dmp

      Filesize

      24KB

      Download

    • memory/564-54-0x0000000000400000-0x000000000041A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/564-55-0x0000000000400000-0x000000000041A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/564-56-0x0000000000400000-0x000000000041A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/564-57-0x0000000075D01000-0x0000000075D03000-memory.dmp

      Filesize

      8KB

      Download

    • memory/564-60-0x0000000000400000-0x000000000041A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/1220-63-0x0000000002A10000-0x0000000002A13000-memory.dmp

      Filesize

      12KB

      Download