Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

b7d7db059c...00.exe

windows7-x64

7

b7d7db059c...00.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2023, 12:14 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b7d7db059c24941e43dd20f56e8c5ea0ebcc283a055a4c27272fa6bb4b1b6e00.exe

  • Size

    812KB

  • MD5

    f27cbbdac6b7a6f99ebd6997632195ba

  • SHA1

    f98a4d952cc7b21a30351768ce695f6fd1085571

  • SHA256

    b7d7db059c24941e43dd20f56e8c5ea0ebcc283a055a4c27272fa6bb4b1b6e00

  • SHA512

    e40c046115fe38fee8b748832835a89163d446b76525dbfe350c63c133968abb96fe9b6ffb9889912c2687c41584b7dd4c6724e85a8b449d8ef92da6b5fe4628

  • SSDEEP

    12288:4qmytVdB0rPEDb3kCoI641jxy7GHEX2rnAv8MktrOKxp22CMOZ/1Sq:4qxtVfNDb31oT41+aneOrO4p2zMOZ/V

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b7d7db059c24941e43dd20f56e8c5ea0ebcc283a055a4c27272fa6bb4b1b6e00.exe
    "C:\Users\Admin\AppData\Local\Temp\b7d7db059c24941e43dd20f56e8c5ea0ebcc283a055a4c27272fa6bb4b1b6e00.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of WriteProcessMemory
    PID:1936
    • C:\Users\Admin\AppData\Local\Temp\1A0D0D0A120C156D155E15F0E0C160D0A160F.exe
      C:\Users\Admin\AppData\Local\Temp\1A0D0D0A120C156D155E15F0E0C160D0A160F.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:1456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1A0D0D0A120C156D155E15F0E0C160D0A160F.exe
    Filesize

    812KB

    MD5

    7ab64e34c333a282fd82f2221fae2e6e

    SHA1

    fae506eb7882963642968eb2e048f432c3baa22f

    SHA256

    79a168b4cd2197154dffc87a58e1b378ff4bb6d6f55d77462df6f95d56295380

    SHA512

    025acd7961af3bb665c44ca77ea0624119eb9107a01b3b26192c79b09d06af63d0e4e88b2a687a81ebe4eefc777f2a29d0e03dd7ea2da138905ed4ad934ba01d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1A0D0D0A120C156D155E15F0E0C160D0A160F.exe
    Filesize

    812KB

    MD5

    7ab64e34c333a282fd82f2221fae2e6e

    SHA1

    fae506eb7882963642968eb2e048f432c3baa22f

    SHA256

    79a168b4cd2197154dffc87a58e1b378ff4bb6d6f55d77462df6f95d56295380

    SHA512

    025acd7961af3bb665c44ca77ea0624119eb9107a01b3b26192c79b09d06af63d0e4e88b2a687a81ebe4eefc777f2a29d0e03dd7ea2da138905ed4ad934ba01d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\1A0D0D0A120C156D155E15F0E0C160D0A160F.exe
    Filesize

    812KB

    MD5

    7ab64e34c333a282fd82f2221fae2e6e

    SHA1

    fae506eb7882963642968eb2e048f432c3baa22f

    SHA256

    79a168b4cd2197154dffc87a58e1b378ff4bb6d6f55d77462df6f95d56295380

    SHA512

    025acd7961af3bb665c44ca77ea0624119eb9107a01b3b26192c79b09d06af63d0e4e88b2a687a81ebe4eefc777f2a29d0e03dd7ea2da138905ed4ad934ba01d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\1A0D0D0A120C156D155E15F0E0C160D0A160F.exe
    Filesize

    812KB

    MD5

    7ab64e34c333a282fd82f2221fae2e6e

    SHA1

    fae506eb7882963642968eb2e048f432c3baa22f

    SHA256

    79a168b4cd2197154dffc87a58e1b378ff4bb6d6f55d77462df6f95d56295380

    SHA512

    025acd7961af3bb665c44ca77ea0624119eb9107a01b3b26192c79b09d06af63d0e4e88b2a687a81ebe4eefc777f2a29d0e03dd7ea2da138905ed4ad934ba01d

    Download Submit

  • memory/1456-14-0x0000000000400000-0x00000000005AB000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1456-17-0x0000000000400000-0x00000000005AB000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1456-16-0x0000000000400000-0x00000000005AB000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1936-0-0x0000000000400000-0x00000000005AB000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1936-2-0x0000000000400000-0x00000000005AB000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1936-1-0x0000000000400000-0x00000000005AB000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1936-11-0x0000000002040000-0x00000000021EB000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1936-12-0x0000000000400000-0x00000000005AB000-memory.dmp

    Filesize

    1.7MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.