Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

d2e50ddfa2...ex.exe

windows7-x64

7

d2e50ddfa2...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/07/2023, 16:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d2e50ddfa2f4bcexeexeexeex.exe

  • Size

    75KB

  • MD5

    d2e50ddfa2f4bc534c2bbdc61f6b407c

  • SHA1

    def9c53471d460021ec1b52da70c6b7e86916cae

  • SHA256

    f9cbc2da11f872f15d09ba62f0c25dc8cd7afab07e427a4368c3458307da079a

  • SHA512

    8a89a6b021be988a982bb5b7842d99ddd9ae2a7ec1c7658fdc16eeacab3008c4c74a9a7bb67b1a978791732ec15392efd2f8c7b5bef1652520fcbc6f76b7dfee

  • SSDEEP

    1536:P8mnK6QFElP6n+gymddpMOtEvwDpjIHsalDSz:1nK6a+qdOOtEvwDpjB

Score
7/10
upx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d2e50ddfa2f4bcexeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\d2e50ddfa2f4bcexeexeexeex.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3104
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:656

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    75KB

    MD5

    a5d4baa125d6fcd56fa535a14588c80f

    SHA1

    dc02177360b90a246314db4aa3569faa051b7cc7

    SHA256

    5b85946c911d62f9a44ae7ad57a44aa1d3418c04ecbd352aa218bbae43dbf2d6

    SHA512

    b78b2ec6cd72e4f299a910e0a4a198e663857c849750cf436197896b7279dc1fd75c535bac90c953aa0faa0b4e1982243377f42388a607c2238248b9ac48f138

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    75KB

    MD5

    a5d4baa125d6fcd56fa535a14588c80f

    SHA1

    dc02177360b90a246314db4aa3569faa051b7cc7

    SHA256

    5b85946c911d62f9a44ae7ad57a44aa1d3418c04ecbd352aa218bbae43dbf2d6

    SHA512

    b78b2ec6cd72e4f299a910e0a4a198e663857c849750cf436197896b7279dc1fd75c535bac90c953aa0faa0b4e1982243377f42388a607c2238248b9ac48f138

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    75KB

    MD5

    a5d4baa125d6fcd56fa535a14588c80f

    SHA1

    dc02177360b90a246314db4aa3569faa051b7cc7

    SHA256

    5b85946c911d62f9a44ae7ad57a44aa1d3418c04ecbd352aa218bbae43dbf2d6

    SHA512

    b78b2ec6cd72e4f299a910e0a4a198e663857c849750cf436197896b7279dc1fd75c535bac90c953aa0faa0b4e1982243377f42388a607c2238248b9ac48f138

    Download Submit

  • memory/656-151-0x0000000000670000-0x0000000000676000-memory.dmp

    Filesize

    24KB

    Download

  • memory/656-157-0x0000000000500000-0x000000000050F311-memory.dmp

    Filesize

    60KB

    Download

  • memory/3104-133-0x0000000000500000-0x000000000050F311-memory.dmp

    Filesize

    60KB

    Download

  • memory/3104-134-0x0000000000510000-0x0000000000516000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3104-135-0x0000000000630000-0x0000000000636000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3104-150-0x0000000000500000-0x000000000050F311-memory.dmp

    Filesize

    60KB

    Download