Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

windowsdes...64.exe

windows7-x64

8

windowsdes...64.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    144s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/08/2023, 01:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    windowsdesktop-runtime-6.0.20-win-x64.exe

  • Size

    54.7MB

  • MD5

    2dd697493474c5b7329f012364580ad6

  • SHA1

    ac76529b02e3c2704eae53229051dcab00508296

  • SHA256

    b812dbd07dec698b2b4b97d68643b2f494659c1c0c13b215abbe077c0facaa09

  • SHA512

    eefd2e2dabb633b0d6c7e523dbdf072c9634088cc6d38c63aaa17c004e38366bcf2dcf5305093b5279a7366c11e177366ceb9d48c14600e140f2efef6caa6308

  • SSDEEP

    1572864:tOn0f2waM91i2rFqo5Mst0rqzAHVuKtRBYcAmCQp9sqV:tJBaKi2rIoplKQ2Dp6qV

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-6.0.20-win-x64.exe
    "C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-6.0.20-win-x64.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:812
    • C:\Windows\Temp\{BCCF18AA-8F2F-4850-B42C-2FB41C92A9EF}\.cr\windowsdesktop-runtime-6.0.20-win-x64.exe
      "C:\Windows\Temp\{BCCF18AA-8F2F-4850-B42C-2FB41C92A9EF}\.cr\windowsdesktop-runtime-6.0.20-win-x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-6.0.20-win-x64.exe" -burn.filehandle.attached=548 -burn.filehandle.self=544
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Temp\{A94AC063-2230-4AE0-9EA5-A59C69F4AA0B}\.ba\bg.png
    Filesize

    4KB

    MD5

    9eb0320dfbf2bd541e6a55c01ddc9f20

    SHA1

    eb282a66d29594346531b1ff886d455e1dcd6d99

    SHA256

    9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

    SHA512

    9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

    Download Submit

  • C:\Windows\Temp\{A94AC063-2230-4AE0-9EA5-A59C69F4AA0B}\.ba\wixstdba.dll
    Filesize

    197KB

    MD5

    4356ee50f0b1a878e270614780ddf095

    SHA1

    b5c0915f023b2e4ed3e122322abc40c4437909af

    SHA256

    41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104

    SHA512

    b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691

    Download Submit

  • C:\Windows\Temp\{BCCF18AA-8F2F-4850-B42C-2FB41C92A9EF}\.cr\windowsdesktop-runtime-6.0.20-win-x64.exe
    Filesize

    610KB

    MD5

    4f0d17ee48ebf364bab9e4ecc004503c

    SHA1

    18728133071f8dc3587504b5c6da8ea286c4dfd2

    SHA256

    99f2a911a6c616555db73fa88bbc7917ee61e3e5b1df8c0e1990552469104849

    SHA512

    d62dc58299b84fe3bf9a929c7ac112988e8c6876625144590f7345c1c30b531c683d89dd4dd498f7e3334230526df6079a3aeebb8d7339a3368370a749f45cfa

    Download Submit

  • C:\Windows\Temp\{BCCF18AA-8F2F-4850-B42C-2FB41C92A9EF}\.cr\windowsdesktop-runtime-6.0.20-win-x64.exe
    Filesize

    610KB

    MD5

    4f0d17ee48ebf364bab9e4ecc004503c

    SHA1

    18728133071f8dc3587504b5c6da8ea286c4dfd2

    SHA256

    99f2a911a6c616555db73fa88bbc7917ee61e3e5b1df8c0e1990552469104849

    SHA512

    d62dc58299b84fe3bf9a929c7ac112988e8c6876625144590f7345c1c30b531c683d89dd4dd498f7e3334230526df6079a3aeebb8d7339a3368370a749f45cfa

    Download Submit