Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8ccc7f360a...53.exe

windows7-x64

7

8ccc7f360a...53.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2023, 13:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8ccc7f360a61a4529ec4463e67257fb045425e72db6cb01ed438646ae82d1b53.exe

  • Size

    812KB

  • MD5

    783263a5157b9d5cb70335625e0d5450

  • SHA1

    e42497fdd47c2b5a76465df12ff257c17c9882e0

  • SHA256

    8ccc7f360a61a4529ec4463e67257fb045425e72db6cb01ed438646ae82d1b53

  • SHA512

    137d01b3e7f7d9943b9bedde4fec555d0ec9e5f91c9d49eaf69d3bcc959fb27342a5a0d4864ab12e1b0efbae7971e5b6a6ee307e61545e0fe7b6ede6f6b1988b

  • SSDEEP

    12288:9qmytVdB0rPEDb3kCoI641jxy7GHEX2rnAv8MktrOKxp22CMOZ/1Sq:9qxtVfNDb31oT41+aneOrO4p2zMOZ/V

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8ccc7f360a61a4529ec4463e67257fb045425e72db6cb01ed438646ae82d1b53.exe
    "C:\Users\Admin\AppData\Local\Temp\8ccc7f360a61a4529ec4463e67257fb045425e72db6cb01ed438646ae82d1b53.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of WriteProcessMemory
    PID:2776
    • C:\Users\Admin\AppData\Local\Temp\1E0F0B0F120C156A155F15F0D0F160E0E160F.exe
      C:\Users\Admin\AppData\Local\Temp\1E0F0B0F120C156A155F15F0D0F160E0E160F.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:4348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1E0F0B0F120C156A155F15F0D0F160E0E160F.exe
    Filesize

    812KB

    MD5

    578b018df79cb8a2335b986af40e45c8

    SHA1

    a8a7f5d3e7c1f86d3424c8836e1f831c61243d56

    SHA256

    4958c4e4240b99690039c10b7775d75f58236e356ce6978bdb9c3481350136d7

    SHA512

    303231343015c7e501cd94984765c7c1c876cc5939cc5ad8e0ac2c889ec188a5f626b33ab76de6f3f3c259d8122ce0abd17486f5b2ec8133ffb8079cc32d8fb6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1E0F0B0F120C156A155F15F0D0F160E0E160F.exe
    Filesize

    812KB

    MD5

    578b018df79cb8a2335b986af40e45c8

    SHA1

    a8a7f5d3e7c1f86d3424c8836e1f831c61243d56

    SHA256

    4958c4e4240b99690039c10b7775d75f58236e356ce6978bdb9c3481350136d7

    SHA512

    303231343015c7e501cd94984765c7c1c876cc5939cc5ad8e0ac2c889ec188a5f626b33ab76de6f3f3c259d8122ce0abd17486f5b2ec8133ffb8079cc32d8fb6

    Download Submit

  • memory/2776-0-0x0000000000400000-0x00000000005AB000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2776-2-0x0000000000400000-0x00000000005AB000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2776-9-0x0000000000400000-0x00000000005AB000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/4348-8-0x0000000000400000-0x00000000005AB000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/4348-11-0x0000000000400000-0x00000000005AB000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/4348-12-0x0000000000400000-0x00000000005AB000-memory.dmp

    Filesize

    1.7MB

    Download