Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

MacroRecor...up.exe

windows7-x64

7

MacroRecor...up.exe

windows10-2004-x64

7

Resubmissions

30/09/2023, 02:39

230930-c5m6qshf42 7

30/09/2023, 02:34

230930-c2ncbshf24 7

Analysis

  • max time kernel
    143s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/09/2023, 02:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MacroRecorderSetup.exe

  • Size

    2.6MB

  • MD5

    50307092df1de5735811933cefad0b85

  • SHA1

    fcf6d604a542d6aebee2e6828966387367b04cbf

  • SHA256

    864d70dd755dab8431c2465531067cf8130166585e55dd4c4bb7de3df54a1967

  • SHA512

    0cf5ece8b4ab2e302136f9bf65c89f6d4d79f5cad7989250b04ffb6c110009db081fc817b653c0bfdd54c6da8e7c1b6cafc0ed157ba72cef9ddd863f3f12dd90

  • SSDEEP

    49152:Aqe3f6QX7FIsEl4404EcVZvUWN6NuFXL+fLLMtj7yWRBywyYkHeBnI:VSijsEl904EcVuWN6yMLAtj2sEwlpVI

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MacroRecorderSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\MacroRecorderSetup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4240
    • C:\Users\Admin\AppData\Local\Temp\is-EBR29.tmp\MacroRecorderSetup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-EBR29.tmp\MacroRecorderSetup.tmp" /SL5="$501E6,1902330,780800,C:\Users\Admin\AppData\Local\Temp\MacroRecorderSetup.exe"
      2⤵
      • Executes dropped EXE
      PID:3944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-EBR29.tmp\MacroRecorderSetup.tmp
    Filesize

    2.9MB

    MD5

    5f60fcd65065f14167a21d790ec39d05

    SHA1

    7930a70c8f96b743fd5a2a3923a6ea99280e53e0

    SHA256

    0b3a2cfecc43852e4999f817af79722ac0a18b3aaa749d40fa173bcc803fe2a8

    SHA512

    74b8edd32f3bb40a21cd1ab7c106f330d80318fc61153e4fed01200e2733e79310028b2fe3ebd83b7fc3392bcaba8ccd4aa990ab3ad571fbf779c5be5ff2e463

    Download Submit

  • memory/3944-6-0x00000000026A0000-0x00000000026A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3944-9-0x0000000000400000-0x00000000006EE000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/3944-10-0x00000000026A0000-0x00000000026A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4240-1-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

    Download

  • memory/4240-8-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

    Download