Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

94ce7b0651...c5.exe

windows7-x64

7

94ce7b0651...c5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    24/08/2023, 15:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    94ce7b06515e60c6620048565c597a933f13070d4361af8b7f0ea09f072facc5.exe

  • Size

    7.2MB

  • MD5

    77aa6abcaedbc1bae0eada23bc61ad22

  • SHA1

    8e122304becadfb03d70bfaed6c284528152b0ee

  • SHA256

    94ce7b06515e60c6620048565c597a933f13070d4361af8b7f0ea09f072facc5

  • SHA512

    98863e2e3247843c94853796e1e757ee1641a9fbb5f50826afd4f84fc1522c8e5765694237851c1ce17a4210692f513415817b1a405f92b5b761f6eb5a8bc661

  • SSDEEP

    196608:pxQwZcUymL2V76+D3c/f/+SvYEYiZRO9oe50DY:8vmL2V76m3c/eALZRO9oVY

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\94ce7b06515e60c6620048565c597a933f13070d4361af8b7f0ea09f072facc5.exe
    "C:\Users\Admin\AppData\Local\Temp\94ce7b06515e60c6620048565c597a933f13070d4361af8b7f0ea09f072facc5.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3068
    • C:\Users\Admin\AppData\Local\Temp\94ce7b06515e60c6620048565c597a933f13070d4361af8b7f0ea09f072facc5.exe
      "C:\Users\Admin\AppData\Local\Temp\94ce7b06515e60c6620048565c597a933f13070d4361af8b7f0ea09f072facc5.exe"
      2⤵
      • Loads dropped DLL
      PID:2832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI30682\api-ms-win-core-file-l1-2-0.dll
    Filesize

    13KB

    MD5

    b4e78652f6aa8f89062dbd0e7bee1ded

    SHA1

    caf3d012d3b1cf09c47ef0dc55f075d931798d5e

    SHA256

    d79f192963618f86d2a0e768bdab8e8c4b92e0db1fff971102a5fee4f57ac6b0

    SHA512

    8e5b703c7b13c8f01e46a8b7a3854e578c8f4eb3b93192ac711b6a91b7aee7a1e2adeb6342fbf8a7b1604118e290c7ae53e171109cc8ee5888d66be5e004e0b5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI30682\api-ms-win-core-file-l2-1-0.dll
    Filesize

    13KB

    MD5

    c22fa18dd5cf90246805b9d28340cb18

    SHA1

    6739e1717549232b16dbc3697f83cac090b6a947

    SHA256

    79c233c7d14921e62cf3e6871b3333b200186f4e87dd6b18af2d52d99f0c41e8

    SHA512

    daa3f3d054f7bff729a2d528f396d5ae28428b0d89fb6db03620fee90e5d5a1ff591128dde4345c4224b40c0d49fa4c728d3ec000b71f9b8b11ffed5e88dea91

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI30682\api-ms-win-core-localization-l1-2-0.dll
    Filesize

    15KB

    MD5

    5f7c66b604b6a32211061e8bd0af510a

    SHA1

    ae3332cd84507bf1692ed48cf43db92c66bbdb53

    SHA256

    e3c79834522f032216b391b2db002a2031257636bb330e50b493aafc08d5cc94

    SHA512

    594026a726d4cd71a98c1888025dacac9531285d2d999ae1b5fa021f03e9f67fcb322b7e2ad75e0fa5c5de2b3ef047310ec719156be39d5de2c64036b6894be0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI30682\api-ms-win-core-processthreads-l1-1-1.dll
    Filesize

    13KB

    MD5

    1e63cfd1f17af722bcb71e9e21e5234c

    SHA1

    a48988087242b2694fd2b72d539d25751b4e08eb

    SHA256

    22b3edc6413a32c93dad8f643ff1c48dab0822e89370090dd23efad8f24eb869

    SHA512

    d66df5f2fdd51b0305cee7859ca704bfd4e32f9be4c20c3896c5ade3d7257936eda8695ea465c1dc2add9f158d0c070397986313ada7a1e18378dce9ad28448a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI30682\api-ms-win-core-timezone-l1-1-0.dll
    Filesize

    13KB

    MD5

    ae3f200e55d7f5a61854443e0e8995b9

    SHA1

    08626c2f5116bc16880ac3a8cd5d2e84ce740111

    SHA256

    847888f015da853dded5e9e4f8146dac1c78dc88cffcd23a4eeddb3a1b491638

    SHA512

    38e701b3a2fd545b2accf0c28a720f7cd72055c9c5649fb7494f4a12a39a54727cc2fc9dee0a1155e47c48ea21e73f86e703b2dfff1f532ca89903237f289a42

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI30682\python310.dll
    Filesize

    4.3MB

    MD5

    c80b5cb43e5fe7948c3562c1fff1254e

    SHA1

    f73cb1fb9445c96ecd56b984a1822e502e71ab9d

    SHA256

    058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20

    SHA512

    faa97a9d5d2a0bf78123f19f8657c24921b907268938c26f79e1df6d667f7bee564259a3a11022e8629996406cda9fa00434bb2b1de3e10b9bddc59708dbad81

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI30682\ucrtbase.dll
    Filesize

    987KB

    MD5

    7b809ab173d42eeac1173b8da32f885f

    SHA1

    fa6f239bbd881676804f994bb756e9319545b3f7

    SHA256

    108fd8ef417e441c3f4ad978f48f93053cae4a719fde055d65f482aaa2d1b978

    SHA512

    a20604ecc02ff622338ad6b81f683f7e483db72d2c7c26fb64ba9d6f5f8ecf6961aea443be31f58eb7843300aeba2f82be871157a74d894a48ac81581a4aa2b1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI30682\api-ms-win-core-file-l1-2-0.dll
    Filesize

    13KB

    MD5

    b4e78652f6aa8f89062dbd0e7bee1ded

    SHA1

    caf3d012d3b1cf09c47ef0dc55f075d931798d5e

    SHA256

    d79f192963618f86d2a0e768bdab8e8c4b92e0db1fff971102a5fee4f57ac6b0

    SHA512

    8e5b703c7b13c8f01e46a8b7a3854e578c8f4eb3b93192ac711b6a91b7aee7a1e2adeb6342fbf8a7b1604118e290c7ae53e171109cc8ee5888d66be5e004e0b5

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI30682\api-ms-win-core-file-l2-1-0.dll
    Filesize

    13KB

    MD5

    c22fa18dd5cf90246805b9d28340cb18

    SHA1

    6739e1717549232b16dbc3697f83cac090b6a947

    SHA256

    79c233c7d14921e62cf3e6871b3333b200186f4e87dd6b18af2d52d99f0c41e8

    SHA512

    daa3f3d054f7bff729a2d528f396d5ae28428b0d89fb6db03620fee90e5d5a1ff591128dde4345c4224b40c0d49fa4c728d3ec000b71f9b8b11ffed5e88dea91

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI30682\api-ms-win-core-localization-l1-2-0.dll
    Filesize

    15KB

    MD5

    5f7c66b604b6a32211061e8bd0af510a

    SHA1

    ae3332cd84507bf1692ed48cf43db92c66bbdb53

    SHA256

    e3c79834522f032216b391b2db002a2031257636bb330e50b493aafc08d5cc94

    SHA512

    594026a726d4cd71a98c1888025dacac9531285d2d999ae1b5fa021f03e9f67fcb322b7e2ad75e0fa5c5de2b3ef047310ec719156be39d5de2c64036b6894be0

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI30682\api-ms-win-core-processthreads-l1-1-1.dll
    Filesize

    13KB

    MD5

    1e63cfd1f17af722bcb71e9e21e5234c

    SHA1

    a48988087242b2694fd2b72d539d25751b4e08eb

    SHA256

    22b3edc6413a32c93dad8f643ff1c48dab0822e89370090dd23efad8f24eb869

    SHA512

    d66df5f2fdd51b0305cee7859ca704bfd4e32f9be4c20c3896c5ade3d7257936eda8695ea465c1dc2add9f158d0c070397986313ada7a1e18378dce9ad28448a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI30682\api-ms-win-core-timezone-l1-1-0.dll
    Filesize

    13KB

    MD5

    ae3f200e55d7f5a61854443e0e8995b9

    SHA1

    08626c2f5116bc16880ac3a8cd5d2e84ce740111

    SHA256

    847888f015da853dded5e9e4f8146dac1c78dc88cffcd23a4eeddb3a1b491638

    SHA512

    38e701b3a2fd545b2accf0c28a720f7cd72055c9c5649fb7494f4a12a39a54727cc2fc9dee0a1155e47c48ea21e73f86e703b2dfff1f532ca89903237f289a42

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI30682\python310.dll
    Filesize

    4.3MB

    MD5

    c80b5cb43e5fe7948c3562c1fff1254e

    SHA1

    f73cb1fb9445c96ecd56b984a1822e502e71ab9d

    SHA256

    058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20

    SHA512

    faa97a9d5d2a0bf78123f19f8657c24921b907268938c26f79e1df6d667f7bee564259a3a11022e8629996406cda9fa00434bb2b1de3e10b9bddc59708dbad81

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI30682\ucrtbase.dll
    Filesize

    987KB

    MD5

    7b809ab173d42eeac1173b8da32f885f

    SHA1

    fa6f239bbd881676804f994bb756e9319545b3f7

    SHA256

    108fd8ef417e441c3f4ad978f48f93053cae4a719fde055d65f482aaa2d1b978

    SHA512

    a20604ecc02ff622338ad6b81f683f7e483db72d2c7c26fb64ba9d6f5f8ecf6961aea443be31f58eb7843300aeba2f82be871157a74d894a48ac81581a4aa2b1

    Download Submit