Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

af92a59c5f...50.exe

windows7-x64

7

af92a59c5f...50.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19/12/2023, 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    af92a59c5f110d0cbb84e33e34f31950.exe

  • Size

    1.9MB

  • MD5

    af92a59c5f110d0cbb84e33e34f31950

  • SHA1

    0b1d8085edf49188529cb950aeb0f0204422bbe7

  • SHA256

    f456c4258e3abb2cd8ed7872fb8e10515bf3838a31b21aad374e1bd28a1c5f49

  • SHA512

    b080d133f844fe92d3f3b51aa5bfc13a0c7d09b8c56c9e8fc75f86da76f98496bfcfce9bea84df853a51fb03e63b94c7198fd8e3e4f46cefa5c19971926608c6

  • SSDEEP

    49152:Qoa1taC070dWx8YAQdeC/MgqL9Q+2Ev4Q:Qoa1taC04OzS99t7

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\af92a59c5f110d0cbb84e33e34f31950.exe
    "C:\Users\Admin\AppData\Local\Temp\af92a59c5f110d0cbb84e33e34f31950.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2008
    • C:\Users\Admin\AppData\Local\Temp\7E83.tmp
      "C:\Users\Admin\AppData\Local\Temp\7E83.tmp" --splashC:\Users\Admin\AppData\Local\Temp\af92a59c5f110d0cbb84e33e34f31950.exe B7DFE7E9B787BA8BFFAE2844FCE383AC3CC7DCE4EACB3D5EFB4E02141A96DE07EDC71C8661D82E515841A46DA6558C6A24B56D504E3D993EAABF5C6CBFDACA15
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\7E83.tmp
    Filesize

    1.9MB

    MD5

    7802815bc6b526e1be9a191c7f65dbd4

    SHA1

    0982f2564177468b6aaae534fb8a3595575f9ac9

    SHA256

    4697efcd838ddd67d52bb4e4e9729e7b670de8909bef75a7bfca991740b91607

    SHA512

    60ef2598cced97ba8f438e932d1da1943b8194077cd0797f2efc3c46886a8ea9a2dcfd27435541e56f645821c37ef9a903da86193d035f51c78c555de671e194

    Download Submit

  • memory/2008-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2200-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download