Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

1

9269.exe

windows7-x64

1

9269.exe

windows10-2004-x64

5

Resubmissions

03/11/2023, 10:41

231103-mrbkwsag37 5

07/08/2023, 03:51

230807-eezsysef4v 5

Analysis

  • max time kernel
    142s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/08/2023, 03:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9269.exe

  • Size

    1.4MB

  • MD5

    711d8682ec215e6ec5fdbf6acc10240e

  • SHA1

    1786859b2ac480ff5698fad981aec52873b9f21a

  • SHA256

    b245325d21b53f21ee7d6a1a8ed3963fcb89cf9770c3d0476ca0544558eaabc3

  • SHA512

    77b68a54d52b03df21514200b6f34f68b3273e8024f4e528003ea4093fd7f4d3a099962a59283def4e4eadfd7f47eb7c4d798b9215e91f5c2178f66c952083e0

  • SSDEEP

    24576:hXNLeml1gXxVn/r5zmscdv5mQ5UOBrI5fTveb/Jz28wXTJvdx:hXZeml1gXxl5z+LmQvaDebRz28wXTzx

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9269.exe
    "C:\Users\Admin\AppData\Local\Temp\9269.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:4356
    • C:\Windows\SysWOW64\ftp.exe
      "C:\Windows\SysWOW64\ftp.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:32

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\21130b87
    Filesize

    806KB

    MD5

    4afac7ce8374da0902f8fad50f0c3bc4

    SHA1

    2cdbc6bafa1c4d58bf3b8de68ba67447fe239a27

    SHA256

    67795102332c64ce27e97093b315f95d1756e6337d93d96dc8c895767f09fa73

    SHA512

    6e308665920ae61cb09252c15e652898f265ef708090265d5ca2e8f46d187170b40a9d8d3fce079379fe353cb63a46c894658a03a4fe0cee43fe702eed12164e

    Download Submit

  • memory/32-136-0x00007FFA29150000-0x00007FFA29345000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/32-137-0x0000000003310000-0x0000000004564000-memory.dmp

    Filesize

    18.3MB

    Download

  • memory/32-139-0x0000000074260000-0x00000000754B4000-memory.dmp

    Filesize

    18.3MB

    Download

  • memory/32-140-0x0000000074260000-0x00000000754B4000-memory.dmp

    Filesize

    18.3MB

    Download

  • memory/32-141-0x0000000003310000-0x0000000004564000-memory.dmp

    Filesize

    18.3MB

    Download

  • memory/4356-133-0x00007FFA0A4F0000-0x00007FFA0BB67000-memory.dmp

    Filesize

    22.5MB

    Download