Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

RC7.exe

windows7-x64

7

RC7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    28s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    24/10/2023, 10:53 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RC7.exe

  • Size

    5.9MB

  • MD5

    a182caf9eac2984fe420ba38dee42589

  • SHA1

    dad2e80fbba6ef855d01f5e0a429863de14e3069

  • SHA256

    05311e59be8266ba7a34622879ac1ed2e8d345bf6aef65e5ec57ba95861b981d

  • SHA512

    e97ce5939e47c06a920fc49fda06bae210aa6a98063fce37cb1bbefbc837f27c28a4e63c7d4ae18746cd1916399c6b5b1e955f4e1452ee0b4a24d57f3491bfd4

  • SSDEEP

    98304:pxmoDUN43WeeqOjOjFgFEblNHYSxTpirSHcUR43zrwkdA8QJCKC7bN3mb6a2nMdT:pxumWewOjmFwDRxtYSHdK34kdai7bN3i

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RC7.exe
    "C:\Users\Admin\AppData\Local\Temp\RC7.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2072
    • C:\Users\Admin\AppData\Local\Temp\RC7.exe
      "C:\Users\Admin\AppData\Local\Temp\RC7.exe"
      2⤵
      • Loads dropped DLL
      PID:2720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI20722\python310.dll
    Filesize

    1.4MB

    MD5

    4a6afa2200b1918c413d511c5a3c041c

    SHA1

    39ca3c2b669adac07d4a5eb1b3b79256cfe0c3b3

    SHA256

    bec187f608507b57cf0475971ba646b8ab42288af8fdcf78bce25f1d8c84b1da

    SHA512

    dbffb06ffff0542200344ea9863a44a6f1e1b783379e53df18580e697e8204d3911e091deb32a9c94b5599cdd54301b705b74e1f51104151cf13b89d57280a20

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI20722\python310.dll
    Filesize

    1.4MB

    MD5

    4a6afa2200b1918c413d511c5a3c041c

    SHA1

    39ca3c2b669adac07d4a5eb1b3b79256cfe0c3b3

    SHA256

    bec187f608507b57cf0475971ba646b8ab42288af8fdcf78bce25f1d8c84b1da

    SHA512

    dbffb06ffff0542200344ea9863a44a6f1e1b783379e53df18580e697e8204d3911e091deb32a9c94b5599cdd54301b705b74e1f51104151cf13b89d57280a20

    Download Submit

  • memory/2720-23-0x000007FEF62E0000-0x000007FEF6746000-memory.dmp

    Filesize

    4.4MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.