Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

68391e2e7b...ex.exe

windows7-x64

7

68391e2e7b...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    31s
  • max time network
    35s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    08/07/2023, 09:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    68391e2e7b1821exeexeexeex.exe

  • Size

    411KB

  • MD5

    68391e2e7b182114dd74caa101302b3b

  • SHA1

    d0b5bb05f8d526515b21980282f56d4b7fdd976e

  • SHA256

    2ed44e21a3521f7339b96b8eeecddf2876959a6b97677735d79ef15c82883096

  • SHA512

    1590b7111ab187a5ddf6f188388406f9d246498d2da731ddb07abf0ab9296e1508e87f58bf25bda67cca621e983e17ca4d39b3da7cbfa955d4a2715360643d89

  • SSDEEP

    6144:gVdvczEb7GUOpYWhNVynE/mFCy3+7I4A6LiEOM4aab0KV39SqHI:gZLolhNVyETA+7I4A62x7R0qHI

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\68391e2e7b1821exeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\68391e2e7b1821exeexeexeex.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3024
    • C:\Users\Admin\AppData\Local\Temp\2656.tmp
      "C:\Users\Admin\AppData\Local\Temp\2656.tmp" --pingC:\Users\Admin\AppData\Local\Temp\68391e2e7b1821exeexeexeex.exe D81386C1FF65719C534978AEF8EEF83AEE6387EAC1ACB0853A7F2B9ED7788A68189EA8CCA0EFE4B35C1B271702ACDAC5EEADF5BED46C0FFEC73EC66394D7927C
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\2656.tmp
    Filesize

    411KB

    MD5

    55ba171229c6a83d61b594b29622139d

    SHA1

    134e663aafc997cfe6ef07136651e8185054dd52

    SHA256

    0cf075a137127649b2eace8631ff8215446134ce2f021bf8080730d1e7bc3d85

    SHA512

    22fd5754a3eb7568f02923f0a9a0f43f9b3ba4692a4eac61b3f24fd2b51e38dee15bd366e848367d6153f8c4de737dad207c3d61adfa3f1385b93423731fd442

    Download Submit

  • \Users\Admin\AppData\Local\Temp\2656.tmp
    Filesize

    411KB

    MD5

    55ba171229c6a83d61b594b29622139d

    SHA1

    134e663aafc997cfe6ef07136651e8185054dd52

    SHA256

    0cf075a137127649b2eace8631ff8215446134ce2f021bf8080730d1e7bc3d85

    SHA512

    22fd5754a3eb7568f02923f0a9a0f43f9b3ba4692a4eac61b3f24fd2b51e38dee15bd366e848367d6153f8c4de737dad207c3d61adfa3f1385b93423731fd442

    Download Submit