Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

b17ff8e331...ex.exe

windows7-x64

7

b17ff8e331...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    09/07/2023, 15:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b17ff8e331cf13exeexeexeex.exe

  • Size

    39KB

  • MD5

    b17ff8e331cf13d44fb4ae91b405c2f6

  • SHA1

    5c23a41b55a075286ae4d107efe13efbb9239b6e

  • SHA256

    e996d5fe56b9de583d08c083c9f48f723f17d18ac198483f0c3fb95f4db1266b

  • SHA512

    6eb018044da1cafe436e629058f5fd9fdc8ef3e9ba384a9fff4d12f3c4f4ed802a005e0a4de0ade4833de8d8cc2295cb05ea8c6ccccf54e1802bfe99d8e0efdb

  • SSDEEP

    768:V6LsoEEeegiZPvEhHSG+gDYQtOOtEvwDpjeJQLI3JUCoHzJ:V6QFElP6n+gMQMOtEvwDpjeJQybI

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b17ff8e331cf13exeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\b17ff8e331cf13exeexeexeex.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1364
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2344

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    39KB

    MD5

    eca2e26b8d3304d1f0d7c0fe39470bf0

    SHA1

    6734c41ea15736d6b86fb9c843e1eba937870637

    SHA256

    a6dd997df5d7f75cbeb7aa6c4d0217d0819c6335b96f8d565edc012713b32289

    SHA512

    10c5f4f8bc6037515e1b80e1d13516115258c7b109829ed5b34f783502b066009ab3ab739ce4fc427272a076854db199ce02ef96d441f500ba1bd3d3e1f53377

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    39KB

    MD5

    eca2e26b8d3304d1f0d7c0fe39470bf0

    SHA1

    6734c41ea15736d6b86fb9c843e1eba937870637

    SHA256

    a6dd997df5d7f75cbeb7aa6c4d0217d0819c6335b96f8d565edc012713b32289

    SHA512

    10c5f4f8bc6037515e1b80e1d13516115258c7b109829ed5b34f783502b066009ab3ab739ce4fc427272a076854db199ce02ef96d441f500ba1bd3d3e1f53377

    Download Submit

  • \Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    39KB

    MD5

    eca2e26b8d3304d1f0d7c0fe39470bf0

    SHA1

    6734c41ea15736d6b86fb9c843e1eba937870637

    SHA256

    a6dd997df5d7f75cbeb7aa6c4d0217d0819c6335b96f8d565edc012713b32289

    SHA512

    10c5f4f8bc6037515e1b80e1d13516115258c7b109829ed5b34f783502b066009ab3ab739ce4fc427272a076854db199ce02ef96d441f500ba1bd3d3e1f53377

    Download Submit

  • memory/1364-54-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1364-55-0x0000000000370000-0x0000000000376000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2344-68-0x0000000000280000-0x0000000000286000-memory.dmp

    Filesize

    24KB

    Download