Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8bc4eba355...ex.exe

windows7-x64

7

8bc4eba355...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/07/2023, 17:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8bc4eba3558f90exeexeexeex.exe

  • Size

    412KB

  • MD5

    8bc4eba3558f90acee4ff235b5be1d65

  • SHA1

    3f7dad9ccdebec74416e0b25ac57fb135b1c2578

  • SHA256

    f6b52f83546221947f8ff771b14cc45d05bcc0597d7879d68adc77a5802a789d

  • SHA512

    a2c1ba0dbeefdf14fb7b4621dbbde95949348e49afcbffda9bc74672918e395e3ed48fe299e9707d9117c127db3627cb284c4b39f3230ab8c99ba38cfb01fad0

  • SSDEEP

    6144:UooTAQjKG3wDGAeIc9kphIoDZnjpZT4NzzrJO+jIiAG2bZWDi/BbvpbnR8RP:U6PCrIc9kph5l4N3sFlG2kDOrR0

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8bc4eba3558f90exeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\8bc4eba3558f90exeexeexeex.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4104
    • C:\Users\Admin\AppData\Local\Temp\878F.tmp
      "C:\Users\Admin\AppData\Local\Temp\878F.tmp" --pingC:\Users\Admin\AppData\Local\Temp\8bc4eba3558f90exeexeexeex.exe 0A091D589346865BCA98540C7A350235F85EC8FAEE7138C8A9A385D2DBE4FA63151B802325DF9DD8BCE40FD0077C8F2885395ABD2F8CEC9B3F3A87B150A7D480
      2⤵
      • Executes dropped EXE
      PID:4788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\878F.tmp
    Filesize

    412KB

    MD5

    fd29f948ff0970a9cd6d39afe4bcc6e2

    SHA1

    a5ead9def34b58d438fb15fcbc5e774b3e038a0f

    SHA256

    541d7e3a99484949dcbd1c0c6437c57f84555864940020bb017cda83485ec51e

    SHA512

    dc8bdac541ea790bf5c6eb5c36e16114e48995c4664f38cb1db39423b40bf5fc21b89f5fac320b35d8f943e35af47d0ba76fb9991438bcb48802d77a95232512

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\878F.tmp
    Filesize

    412KB

    MD5

    fd29f948ff0970a9cd6d39afe4bcc6e2

    SHA1

    a5ead9def34b58d438fb15fcbc5e774b3e038a0f

    SHA256

    541d7e3a99484949dcbd1c0c6437c57f84555864940020bb017cda83485ec51e

    SHA512

    dc8bdac541ea790bf5c6eb5c36e16114e48995c4664f38cb1db39423b40bf5fc21b89f5fac320b35d8f943e35af47d0ba76fb9991438bcb48802d77a95232512

    Download Submit