Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

060a4fdb78...50.exe

windows7-x64

7

060a4fdb78...50.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    16/11/2023, 03:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    060a4fdb7816a9e9354f46abe08ecb9f58137994bc0dc1a7fddddc4b7e4b5950.exe

  • Size

    3.0MB

  • MD5

    5a63caa455d49b61af7e26b730b16038

  • SHA1

    0753b71bfad1263da09a2f6c585a04d2c60a1cdd

  • SHA256

    060a4fdb7816a9e9354f46abe08ecb9f58137994bc0dc1a7fddddc4b7e4b5950

  • SHA512

    0514158b69eea96b612f70a850ffdc05ad87b4a52fbac4c535741a6f6dce3e1d0e6ab0b94b91924b6ce8c39dc32d3537c33c07d3ac17edfc19b4a8344c18de12

  • SSDEEP

    49152:S5V9HFqlO+P5HyFDeqBReJagf07l+fbzboeThRv7Gosu3D4:mI0+xHQgfDoeThBGosD

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\060a4fdb7816a9e9354f46abe08ecb9f58137994bc0dc1a7fddddc4b7e4b5950.exe
    "C:\Users\Admin\AppData\Local\Temp\060a4fdb7816a9e9354f46abe08ecb9f58137994bc0dc1a7fddddc4b7e4b5950.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2416
    • C:\Windows\system32\cmd.exe
      cmd /c "C:\Users\Admin\AppData\Local\Temp\060a4fdb7816a9e9354f46abe08ecb9f58137994bc0dc1a7fddddc4b7e4b5950.exe" C:\Users\Admin\AppData\Local\Microsoft\33NrEwYym5Xw1x1qQ -C:\Users\Admin\AppData\Local\Microsoft\33NrEwYym5Xw1x1qQ -C:\Users\Admin\AppData\Local\Microsoft\33NrEwYym5Xw1x1qQ -DOSbQsPDQ
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2244
      • C:\Users\Admin\AppData\Local\Temp\060a4fdb7816a9e9354f46abe08ecb9f58137994bc0dc1a7fddddc4b7e4b5950.exe
        C:\Users\Admin\AppData\Local\Temp\060a4fdb7816a9e9354f46abe08ecb9f58137994bc0dc1a7fddddc4b7e4b5950.exe C:\Users\Admin\AppData\Local\Microsoft\33NrEwYym5Xw1x1qQ -C:\Users\Admin\AppData\Local\Microsoft\33NrEwYym5Xw1x1qQ -C:\Users\Admin\AppData\Local\Microsoft\33NrEwYym5Xw1x1qQ -DOSbQsPDQ
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3024
        • C:\Windows\system32\cmd.exe
          cmd /c "C:\Users\Admin\AppData\Local\Microsoft\33NrEwYym5Xw1x1qQ\\Hure0.exe"
          4⤵
            PID:2632
            • C:\Users\Admin\AppData\Local\Microsoft\33NrEwYym5Xw1x1qQ\Hure0.exe
              C:\Users\Admin\AppData\Local\Microsoft\33NrEwYym5Xw1x1qQ\\Hure0.exe
              5⤵
              • Executes dropped EXE
              PID:2696
      • C:\Windows\system32\cmd.exe
        cmd /c mkdir C:\Users\Admin\AppData\Local\Microsoft\33NrEwYym5Xw1x1qQ
        2⤵
          PID:2080

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Microsoft\33NrEwYym5Xw1x1qQ\Hure0.exe
        Filesize

        1.4MB

        MD5

        a135678f9650689720b0d6024ffc55e5

        SHA1

        f5c08c7bcdff02dafb3d724d6e7ce2e70eba2ca0

        SHA256

        46c2650cbb699d71b108819b209da19fcb137b620befd1104a010f2f6b678531

        SHA512

        f056ae6e944e74ac4c032e3a94946de015998fd4182cf24f96764c93768f4cc6d539611c3dab59da258fadaae2a7e2becdcfb35704b7bd88b56796ccf46fe456

        Download Submit