Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

ec13b3baff...f0.exe

windows7-x64

7

ec13b3baff...f0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/10/2023, 11:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe

  • Size

    728KB

  • MD5

    fcfea5b5ee2bc17fbc364fdb8a0ca2df

  • SHA1

    0998ad4a8c5eaf83cdd0bb82b3142946efa5066a

  • SHA256

    ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0

  • SHA512

    1cb4fa2034458b0570129f495d685f143ff66a66f4b64f2558745b64a58620cf2cc453100fb751faf454bb0da20b991b9c542869d7851d1d158b4e94844619a0

  • SSDEEP

    12288:P+BhHODYCNq5PFL3VldHxee67IwiWjV5VwzgNDxRiu78Cu:P+BhHOkCNq5lllZxb6ae/ogNNRiuYCu

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe
    "C:\Users\Admin\AppData\Local\Temp\ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1648
    • C:\Users\Admin\AppData\Local\Temp\ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe
      C:\Users\Admin\AppData\Local\Temp\ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe --
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe
    Filesize

    729KB

    MD5

    3691339b7fa484d0adb744ef2fc15e36

    SHA1

    64b0f5d7d5d9cb93b986de68b2cc25179fa16585

    SHA256

    243ef72d74dfa813db2b5a2e68fbb6241c9098eb2a0e8b399ebb309cb4b5ba9d

    SHA512

    cbbd104bd234c969b0884afd2ec2cac75e61cfe2703cf31462437ea37a4cea3cdd88159dc1cd1e2af932a73fd05f9779a947a06eeab6d34436bed2bb6370ebd9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe
    Filesize

    729KB

    MD5

    3691339b7fa484d0adb744ef2fc15e36

    SHA1

    64b0f5d7d5d9cb93b986de68b2cc25179fa16585

    SHA256

    243ef72d74dfa813db2b5a2e68fbb6241c9098eb2a0e8b399ebb309cb4b5ba9d

    SHA512

    cbbd104bd234c969b0884afd2ec2cac75e61cfe2703cf31462437ea37a4cea3cdd88159dc1cd1e2af932a73fd05f9779a947a06eeab6d34436bed2bb6370ebd9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe.bak
    Filesize

    728KB

    MD5

    1a8f6cb088fb16b772bc7d8f9c3c1bbd

    SHA1

    1026ae18ac1f373e6bdc9140c798134892a9fde1

    SHA256

    e7a131696b5bbee32591fcbf687d27a28a3cd591be61e784d52344eccaea41a4

    SHA512

    247a9dd87ce19ab9ffc5e22b90dc871f57ed61b21b10094eb23406be82f7e7e502dda5be243ab6b127b31c78c4ea276ef2d674d1354a277ed39350835b5a10b2

    Download Submit

  • memory/1648-9-0x0000000000400000-0x00000000004CF000-memory.dmp

    Filesize

    828KB

    Download