Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

ipscan25.exe

windows7-x64

4

ipscan25.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    151s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/06/2023, 13:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ipscan25.exe

  • Size

    9.1MB

  • MD5

    c55d5da577c245ee3b93de71e649a3fe

  • SHA1

    7eceb2feb878085eb40e765482f33aba1b6b3be0

  • SHA256

    73a638af070b53749e9a81c95efc78449c2ac12f186c0240c14b398666f091dd

  • SHA512

    7e0e83ea3e311c7d36bf5c7b358725ad343d1b7bf5dc22c4bfec61561be0b6d6ec545ec58a4c750f8133c266ddfd7982513413bfa70c5d80c3d71309aeb2a85c

  • SSDEEP

    196608:yQ+aMh+KQvISYfvlC9wHrmdu3wAcVs3SEFhw6TzM17SQeIeisL:OfjJSYfc9wrAuArVs3SE06019eBiU

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ipscan25.exe
    "C:\Users\Admin\AppData\Local\Temp\ipscan25.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4664
    • C:\Users\Admin\AppData\Local\Temp\is-TAI7H.tmp\ipscan25.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-TAI7H.tmp\ipscan25.tmp" /SL5="$A006C,9016275,139776,C:\Users\Admin\AppData\Local\Temp\ipscan25.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-HO5J8.tmp\aips_is_install_dll.dll
    Filesize

    370KB

    MD5

    c0fbe07702824663577ffc7ad2cb5fac

    SHA1

    a5184b9d50ca116f9e94c5e42585af9bb2eb71b3

    SHA256

    44a0e85017f632fcd1102739186543499036079442a49b4c04b230de1a02189a

    SHA512

    f0c9d3e38d93dc477ded0f2de6e79301ce24205842bdb11c27d4e3dd39207748dac9978a16ec1f101aad05a057ae21dd8f1b4289b75862ff2c8775b169f1ed04

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-TAI7H.tmp\ipscan25.tmp
    Filesize

    1.1MB

    MD5

    b87639f9a6cf5ba8c9e1f297c5745a67

    SHA1

    ce4758849b53af582d2d8a1bc0db20683e139fcc

    SHA256

    ec8252a333f68865160e26dc95607f2c49af00f78c657f7f8417ab9d86e90bf7

    SHA512

    9626fc4aa4604eee7ededa62b9dc78a3f6fe388eaf1fa6c916a3715b0dff65c417eede156d82398c2400977a36457122565e15e0ed0e435b28cb9f796005c1c0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-TAI7H.tmp\ipscan25.tmp
    Filesize

    1.1MB

    MD5

    b87639f9a6cf5ba8c9e1f297c5745a67

    SHA1

    ce4758849b53af582d2d8a1bc0db20683e139fcc

    SHA256

    ec8252a333f68865160e26dc95607f2c49af00f78c657f7f8417ab9d86e90bf7

    SHA512

    9626fc4aa4604eee7ededa62b9dc78a3f6fe388eaf1fa6c916a3715b0dff65c417eede156d82398c2400977a36457122565e15e0ed0e435b28cb9f796005c1c0

    Download Submit

  • memory/3624-139-0x00000000022C0000-0x00000000022C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3624-149-0x0000000000400000-0x0000000000530000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/3624-150-0x00000000022C0000-0x00000000022C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4664-133-0x0000000000400000-0x000000000042D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/4664-148-0x0000000000400000-0x000000000042D000-memory.dmp

    Filesize

    180KB

    Download