Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

35e6903f50...07.exe

windows7-x64

7

35e6903f50...07.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    169s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/10/2023, 19:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    35e6903f50ac0a868fcb2862ffc626a4f0571161ac1c01560dd0424a02044e07.exe

  • Size

    816KB

  • MD5

    776349986584ddfab084409ad9071d11

  • SHA1

    0319e8f8522c8c1be53b8ec81e289a2a37fdda7a

  • SHA256

    35e6903f50ac0a868fcb2862ffc626a4f0571161ac1c01560dd0424a02044e07

  • SHA512

    f68f93ca85cbbff950339a07e325d1c47f174e3facd88e016b99d5c7e76aec215e0036d2a08eb4a90cadc2ff2dc17d6ee4f7d534714290706fe2d86d56bcd7c5

  • SSDEEP

    24576:MY4G2qLMJalsnqShyoo77lUabuSvbDQOOdIxJsG9R:h3XZynV4oDabuWbDQOcIxJJ9R

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\35e6903f50ac0a868fcb2862ffc626a4f0571161ac1c01560dd0424a02044e07.exe
    "C:\Users\Admin\AppData\Local\Temp\35e6903f50ac0a868fcb2862ffc626a4f0571161ac1c01560dd0424a02044e07.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of WriteProcessMemory
    PID:2876
    • C:\Users\Admin\AppData\Local\Temp\1B0F0D0D120E156E155F15F0D0A160E0F160E.exe
      C:\Users\Admin\AppData\Local\Temp\1B0F0D0D120E156E155F15F0D0A160E0F160E.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:3288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1B0F0D0D120E156E155F15F0D0A160E0F160E.exe
    Filesize

    816KB

    MD5

    f7ac2cc0dc9accbda575d1c0bae31b53

    SHA1

    bfd2edce9562ee7f50b59c833e9895e692046317

    SHA256

    276a2262d6a4fdf8a1106e4c9b1d0d311020bd4ac09c0570fbf9c8217c6fd529

    SHA512

    d7614b6aa1e715cedb57cd8861f5391181447f14dbcb04da1e594a1983183980e25b304a71ed72e262b07a4aae436ca9ba3fa82b8976a0bf64604a570d990c8e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1B0F0D0D120E156E155F15F0D0A160E0F160E.exe
    Filesize

    816KB

    MD5

    f7ac2cc0dc9accbda575d1c0bae31b53

    SHA1

    bfd2edce9562ee7f50b59c833e9895e692046317

    SHA256

    276a2262d6a4fdf8a1106e4c9b1d0d311020bd4ac09c0570fbf9c8217c6fd529

    SHA512

    d7614b6aa1e715cedb57cd8861f5391181447f14dbcb04da1e594a1983183980e25b304a71ed72e262b07a4aae436ca9ba3fa82b8976a0bf64604a570d990c8e

    Download Submit

  • memory/2876-0-0x0000000000400000-0x00000000005AD000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2876-2-0x0000000000400000-0x00000000005AD000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2876-1-0x0000000000400000-0x00000000005AD000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2876-8-0x0000000000400000-0x00000000005AD000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/3288-9-0x0000000000400000-0x00000000005AD000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/3288-11-0x0000000000400000-0x00000000005AD000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/3288-12-0x0000000000400000-0x00000000005AD000-memory.dmp

    Filesize

    1.7MB

    Download