Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

c3b79720d9...26.exe

windows7-x64

7

c3b79720d9...26.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    160s
  • max time network
    170s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2023, 02:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c3b79720d9a9463b871fc10062a9d8c0eb0c72f5f960da598ef649fab8821f26.exe

  • Size

    812KB

  • MD5

    f8eae9c64efb9da552fcbc023494e83c

  • SHA1

    2704f90760f45e522634f272cb8e9e61908275b6

  • SHA256

    c3b79720d9a9463b871fc10062a9d8c0eb0c72f5f960da598ef649fab8821f26

  • SHA512

    2a2be1fe37e7c497da84518b949e1bddab7c266be244f2c74a487dcc45c122dbe569f2e54a7f9dd7d1be76efbba37d8bae1975b6bae7b6ab78ad19652f8f0373

  • SSDEEP

    12288:BqmytVdB0rPEDb3kCoI641jxy7GHEX2rnAv8MktrOKxp22CMOZ/1Sq:BqxtVfNDb31oT41+aneOrO4p2zMOZ/V

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c3b79720d9a9463b871fc10062a9d8c0eb0c72f5f960da598ef649fab8821f26.exe
    "C:\Users\Admin\AppData\Local\Temp\c3b79720d9a9463b871fc10062a9d8c0eb0c72f5f960da598ef649fab8821f26.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of WriteProcessMemory
    PID:760
    • C:\Users\Admin\AppData\Local\Temp\1C0B0D0D120B156F155F15E0C0A160B0D160B.exe
      C:\Users\Admin\AppData\Local\Temp\1C0B0D0D120B156F155F15E0C0A160B0D160B.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:3756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1C0B0D0D120B156F155F15E0C0A160B0D160B.exe
    Filesize

    812KB

    MD5

    9595147919a902dedec2a6c916405387

    SHA1

    0906cc98ff5aa4f93c5f3ef936bf3ae5ae66e93f

    SHA256

    3e12325d065cd2ac3060cfe9298063e7172fc91f84cb09f73520c04ab5cbc3fc

    SHA512

    bd575d8472d47e33a66bad0d87b5ed54b436e3a697fc4ad558b2f983df9254fb0a398e7f0b4c39fb568eb6c7fc87d149ef866bf0ce05b5d451d01143bb41aaf2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1C0B0D0D120B156F155F15E0C0A160B0D160B.exe
    Filesize

    812KB

    MD5

    9595147919a902dedec2a6c916405387

    SHA1

    0906cc98ff5aa4f93c5f3ef936bf3ae5ae66e93f

    SHA256

    3e12325d065cd2ac3060cfe9298063e7172fc91f84cb09f73520c04ab5cbc3fc

    SHA512

    bd575d8472d47e33a66bad0d87b5ed54b436e3a697fc4ad558b2f983df9254fb0a398e7f0b4c39fb568eb6c7fc87d149ef866bf0ce05b5d451d01143bb41aaf2

    Download Submit

  • memory/760-0-0x0000000000400000-0x00000000005AB000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/760-2-0x0000000000400000-0x00000000005AB000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/760-9-0x0000000000400000-0x00000000005AB000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/3756-8-0x0000000000400000-0x00000000005AB000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/3756-10-0x0000000000400000-0x00000000005AB000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/3756-11-0x0000000000400000-0x00000000005AB000-memory.dmp

    Filesize

    1.7MB

    Download