Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

5655e7d538...70.exe

windows7-x64

7

5655e7d538...70.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    135s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/05/2023, 23:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5655e7d53829fc5c81a4def81d2876aaeaec9ecc40eecc7966e51abba9c38e70.exe

  • Size

    755KB

  • MD5

    0af3484ed04ac95e8a84d3b06c4180c0

  • SHA1

    15943666568f09c0751b027a42413851df2c6932

  • SHA256

    5655e7d53829fc5c81a4def81d2876aaeaec9ecc40eecc7966e51abba9c38e70

  • SHA512

    c4da82bacbeb4f1aa85421d99d0de53c847e720dbd686a55eec97a641464ee19411bb8e9c0959666d3ac80b3503d1dad65de5e08c91e18c620a9cecfb4bc7c05

  • SSDEEP

    12288:VQi3oc6m6UR0Itlp1hf39Wkv8xwJld8kO:VQi4zHITpdUMkkO

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5655e7d53829fc5c81a4def81d2876aaeaec9ecc40eecc7966e51abba9c38e70.exe
    "C:\Users\Admin\AppData\Local\Temp\5655e7d53829fc5c81a4def81d2876aaeaec9ecc40eecc7966e51abba9c38e70.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4052
    • C:\Users\Admin\AppData\Local\Temp\is-AN1PQ.tmp\5655e7d53829fc5c81a4def81d2876aaeaec9ecc40eecc7966e51abba9c38e70.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-AN1PQ.tmp\5655e7d53829fc5c81a4def81d2876aaeaec9ecc40eecc7966e51abba9c38e70.tmp" /SL5="$8002A,506127,422400,C:\Users\Admin\AppData\Local\Temp\5655e7d53829fc5c81a4def81d2876aaeaec9ecc40eecc7966e51abba9c38e70.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-0PINE.tmp\idp.dll
    Filesize

    216KB

    MD5

    8f995688085bced38ba7795f60a5e1d3

    SHA1

    5b1ad67a149c05c50d6e388527af5c8a0af4343a

    SHA256

    203d7b61eac96de865ab3b586160e72c78d93ab5532b13d50ef27174126fd006

    SHA512

    043d41947ab69fc9297dcb5ad238acc2c35250d1172869945ed1a56894c10f93855f0210cbca41ceee9efb55fd56a35a4ec03c77e252409edc64bfb5fb821c35

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-AN1PQ.tmp\5655e7d53829fc5c81a4def81d2876aaeaec9ecc40eecc7966e51abba9c38e70.tmp
    Filesize

    1.0MB

    MD5

    6e8d8cabf1efb3f98adba1eed48e5a1e

    SHA1

    6ca75501f3eb4753afe1810ba761588021bd68c9

    SHA256

    8db82765fa0993c181346d9182d013271b7326e4c8415ce1e97bf606cd6474f6

    SHA512

    e3bb3029a9b50cfa18dc616aa2e04b7d0537efdedeb83ee40e976f5089e3e76b844c1e7e85d867f6c925ef8d8ed79de60a4ea7de5ee6127a52c6f7bbfcb7690f

    Download Submit

  • memory/2104-138-0x0000000002250000-0x0000000002251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2104-150-0x0000000000400000-0x0000000000516000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4052-133-0x0000000000400000-0x000000000046D000-memory.dmp

    Filesize

    436KB

    Download

  • memory/4052-152-0x0000000000400000-0x000000000046D000-memory.dmp

    Filesize

    436KB

    Download