Analysis

  • max time kernel
    1563s
  • max time network
    1568s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    15/12/2023, 18:30

General

  • Target

    main.exe

  • Size

    17.7MB

  • MD5

    04401eef109c1534d39ba27a26270c0b

  • SHA1

    feca6ba30271ee0b262f52c13cf19221c3cb2ede

  • SHA256

    63fd4b96f40a3e14c7c75f0c86bff300f3ebdab56290c444dc72dad40183b68a

  • SHA512

    e7d56cca62b1aa8fa2aa3584b67b3f2fa90f1268bf032083415783d91b22b13bad0554092da09c890ba86af7cabd8436314db71c275a86e9fe7be64e688c3414

  • SSDEEP

    393216:4qPnLFXlr8gQpDOETgsvfGMwegF6u7vEbKtiLRq:pPLFXNlQoEDY6fsQk

Score
7/10
Tags: upx

Malware Config

Signatures

  • Loads dropped DLL (1 IoC)
  • UPX packed file (3 IoCs)

    Detects executables packed with UPX or a modified build of the open-source UPX packer.

  • Suspicious use of WriteProcessMemory (3 IoCs)
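The "UPX packed file" signature above is a static check on the PE image, and the `_MEI20402\python310.dll` drop listed under Downloads is the footprint of a PyInstaller-built executable (the bootloader extracts its bundled archive into a `_MEI<pid><n>` temp directory before running). The following script, added here as an illustration and not part of the tria.ge report, re-creates both checks offline so the sample's hashes and packing can be confirmed before trusting the sandbox verdict: it walks the PE section table looking for `UPX0`/`UPX1` section names or the `UPX!` marker, searches for the PyInstaller CArchive magic, and compares the file's MD5/SHA-1/SHA-256 against the values a report lists. The `build_pe` helper and the images it produces are constructed test stand-ins, not the analysed sample.

```python
"""Offline re-check of a sandbox report's static signals on a PE sample:
UPX section names, PyInstaller archive magic and the reported file hashes.
The PE images built by build_pe() are constructed stand-ins for testing."""
import hashlib
import struct

# Magic the PyInstaller bootloader searches for at the end of its appended
# CArchive (PyInstaller's CArchive MAGIC constant).
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"


def pe_section_names(data: bytes) -> list[bytes]:
    """Return the names from the PE section table, or [] if not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                                  # IMAGE_FILE_HEADER
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt                         # first IMAGE_SECTION_HEADER
    names = []
    for i in range(nsections):
        off = table + i * 40
        if off + 40 > len(data):
            break                                        # truncated section table
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def triage(data: bytes) -> dict:
    """Static verdicts plus the hashes a sandbox report would list."""
    names = pe_section_names(data)
    return {
        "sections": [n.decode("latin-1") for n in names],
        # Stock UPX names its sections UPX0/UPX1 and leaves a "UPX!" marker;
        # modified builds often rename sections but keep the marker, or vice versa.
        "upx_packed": any(n.startswith(b"UPX") for n in names) or b"UPX!" in data,
        "pyinstaller": PYINSTALLER_MAGIC in data,
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes, reported: dict) -> bool:
    """True if every hash given in `reported` (md5/sha1/sha256) matches the bytes."""
    got = triage(data)
    return all(got[algo] == digest.lower() for algo, digest in reported.items())


def build_pe(section_names: list[bytes], tail: bytes = b"") -> bytes:
    """Construct a minimal PE32+ image (headers + section table) for testing."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    size_opt = 0xF0                                      # PE32+ optional header size
    coff = struct.pack("<HHIIIHH", 0x8664, len(section_names), 0, 0, 0, size_opt, 0x22)
    opt = struct.pack("<H", 0x20B).ljust(size_opt, b"\0")  # PE32+ magic, rest zeroed
    table = b"".join(name.ljust(8, b"\0") + b"\0" * 32 for name in section_names)
    return dos + b"PE\0\0" + coff + opt + table + tail


if __name__ == "__main__":
    # Constructed sample: UPX section names, UPX marker and a PyInstaller archive magic.
    sample = build_pe([b"UPX0", b"UPX1", b".rsrc"], tail=b"UPX!" + PYINSTALLER_MAGIC)
    print(triage(sample))
```

To check a real sample against this report, pass `open(path, "rb").read()` to `triage()` and the report's SHA256 to `matches_report()`; a hash mismatch means the file in hand is not the one the sandbox ran, and the packing verdicts should then be disregarded rather than reconciled.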

Processes

  • C:\Users\Admin\AppData\Local\Temp\main.exe (PID 2040)
    "C:\Users\Admin\AppData\Local\Temp\main.exe"
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\main.exe (PID 1000, child of 2040)
      "C:\Users\Admin\AppData\Local\Temp\main.exe"
      • Loads dropped DLL

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI20402\python310.dll

    Filesize

    832KB

    MD5

    bc10f3f0299d39371a775724621fa5d1

    SHA1

    7903b5bdca4933dae7bbb72741c3dbb6c1687c4a

    SHA256

    fff9c49361f923ac2d33e51d9d7117dc77348ce902477bb7dfc7719b5e486009

    SHA512

    e67fb4b7a69c5516c135321dd0c9400eaaf09fbfbbf36507279409bc1b07ffd0e989ed3af47de7026cae9e5aa2832c138f967bf13bb44cf3d95e38425305260c

  • \Users\Admin\AppData\Local\Temp\_MEI20402\python310.dll

    Filesize

    1.2MB

    MD5

    67b3602b535baa6b08f3907a747e21d9

    SHA1

    62f3008ef445f83e641390638c4d386d76f1a630

    SHA256

    82dab30dfdd2853336bc5223fe0f130208010eb50281d8db5dd1247f9cc8467b

    SHA512

    bf51e5ebdb02e9bc7f6e20904b9feba0c1d27254d97f9fe806f8750d76a37c69a8f905160cd5071664f4089bec7d60218ffd7d659aefb7b6f288860c19c85e6c

  • memory/1000-113-0x000007FEF65B0000-0x000007FEF6A1E000-memory.dmp

    Filesize

    4.4MB