Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

d487da39a0...ex.exe

windows7-x64

7

d487da39a0...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    10/07/2023, 17:33 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d487da39a0c300exeexeexeex.exe

  • Size

    63KB

  • MD5

    d487da39a0c300e49109df3f3acd76b2

  • SHA1

    2abb4c3b22eeb2079c250b9bc5192e4943dc9b8f

  • SHA256

    2f5622e67611fe6423897010d59758773d994d7b587f1ba098bd9148cb7a1493

  • SHA512

    d57d8fcb5892cc5cc46d543b1af069f8dfecb9ba2f20e5bd4b26a031bbe5a3d61699c0ebe4439c6785ad9e06b280a7f8b83740a18a50c5483693e3df53784d30

  • SSDEEP

    1536:z6QFElP6n+gKmddpMOtEvwDpj9aYaFAetiD:z6a+CdOOtEvwDpjQe

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d487da39a0c300exeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\d487da39a0c300exeexeexeex.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1312
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2304

Network

  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
    Response
    emrlogistics.com
    IN CNAME
    traff-4.hugedomains.com
    traff-4.hugedomains.com
    IN CNAME
    hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com
    hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com
    IN A
    52.86.6.113
    hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com
    IN A
    3.94.41.167
  • 52.86.6.113:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 3.94.41.167:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 52.86.6.113:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 3.94.41.167:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 52.86.6.113:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 3.94.41.167:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 52.86.6.113:443
    emrlogistics.com
    asih.exe
    104 B
     2
  • 8.8.8.8:53
    emrlogistics.com
    dns
    asih.exe
    62 B
     192 B
     1
    1

    DNS Request

    emrlogistics.com

    DNS Response

    52.86.6.113
    3.94.41.167

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    63KB

    MD5

    84e725dc0a0aeae0447b499d5dd015f1

    SHA1

    0215e3a4fc570ca65b251752b822e2ccde41b94b

    SHA256

    ee2f74788ea9c8081d52d84dd05cab7f3f8f8dce8291165fe1bb0e650046edf6

    SHA512

    c7151a11b1258ddc14edde6c68009294dc17eb5ec69dd598cb56ae4ee2454b29a152b0a5b3853d82efd6ebafefcdaa1328daa3492b04516a2440020ba19316a0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    63KB

    MD5

    84e725dc0a0aeae0447b499d5dd015f1

    SHA1

    0215e3a4fc570ca65b251752b822e2ccde41b94b

    SHA256

    ee2f74788ea9c8081d52d84dd05cab7f3f8f8dce8291165fe1bb0e650046edf6

    SHA512

    c7151a11b1258ddc14edde6c68009294dc17eb5ec69dd598cb56ae4ee2454b29a152b0a5b3853d82efd6ebafefcdaa1328daa3492b04516a2440020ba19316a0

    Download Submit

  • \Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    63KB

    MD5

    84e725dc0a0aeae0447b499d5dd015f1

    SHA1

    0215e3a4fc570ca65b251752b822e2ccde41b94b

    SHA256

    ee2f74788ea9c8081d52d84dd05cab7f3f8f8dce8291165fe1bb0e650046edf6

    SHA512

    c7151a11b1258ddc14edde6c68009294dc17eb5ec69dd598cb56ae4ee2454b29a152b0a5b3853d82efd6ebafefcdaa1328daa3492b04516a2440020ba19316a0

    Download Submit

  • memory/1312-54-0x00000000002C0000-0x00000000002C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1312-55-0x0000000000300000-0x0000000000306000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1312-66-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2304-69-0x00000000002E0000-0x00000000002E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2304-76-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.