Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

6b87a83640...ex.exe

windows7-x64

7

6b87a83640...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    76s
  • max time network
    80s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    08/07/2023, 10:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6b87a83640d9c8exeexeexeex.exe

  • Size

    412KB

  • MD5

    6b87a83640d9c8f5c2625045e51f8253

  • SHA1

    31acc1d7a2297a7dbfc4d7968f75669a3fc119c2

  • SHA256

    d8f21c94fca09911b02cccbe37b87f731335d91c6e7095b93f54dc3126cc97da

  • SHA512

    cd4bb9c7b2904bbfa30288a919f99f86ec768cdc696718f0e29c206418cc65d6be4bf5ac6b5367282c7c576dfe183896b53133801c5549fd57792c23028236a1

  • SSDEEP

    6144:UooTAQjKG3wDGAeIc9kphIoDZngByQ1q1tUiEeLYO4Q3hc7FZPCJ0sU3BQa7P:U6PCrIc9kph5m3wqeL07FZPCJk3z7

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6b87a83640d9c8exeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\6b87a83640d9c8exeexeexeex.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2240
    • C:\Users\Admin\AppData\Local\Temp\1BAC.tmp
      "C:\Users\Admin\AppData\Local\Temp\1BAC.tmp" --pingC:\Users\Admin\AppData\Local\Temp\6b87a83640d9c8exeexeexeex.exe 0B85AEC4A6F2A91498E6ADED21AD7A6B5046A54A1E8D74992E15CF6D1302D681A98FA395231A38F7CD95EF8E9714F66A8222F3539988F0E75AAA2372F466952E
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1BAC.tmp
    Filesize

    412KB

    MD5

    f3a25dc0015456ea64f5382062747fa7

    SHA1

    a0013f446d7251bff03d8b756f3fb285d9d08244

    SHA256

    fd4c1d70a3328d7e91f92e89d181839ae69a141ac1e0a11be1c4e260878a1d4a

    SHA512

    ee25544c4861c292911c4bdcc20c8b52e46f07c2a52fa9658d670a5e09c1bf626a3c4ee353f797d44cdb1d3690f3b690f0375378814cf96fd2e38d7035fba3d9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\1BAC.tmp
    Filesize

    412KB

    MD5

    f3a25dc0015456ea64f5382062747fa7

    SHA1

    a0013f446d7251bff03d8b756f3fb285d9d08244

    SHA256

    fd4c1d70a3328d7e91f92e89d181839ae69a141ac1e0a11be1c4e260878a1d4a

    SHA512

    ee25544c4861c292911c4bdcc20c8b52e46f07c2a52fa9658d670a5e09c1bf626a3c4ee353f797d44cdb1d3690f3b690f0375378814cf96fd2e38d7035fba3d9

    Download Submit