Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

af92a59c5f...50.exe

windows7-x64

7

af92a59c5f...50.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    138s
  • max time network
    163s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/12/2023, 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    af92a59c5f110d0cbb84e33e34f31950.exe

  • Size

    1.9MB

  • MD5

    af92a59c5f110d0cbb84e33e34f31950

  • SHA1

    0b1d8085edf49188529cb950aeb0f0204422bbe7

  • SHA256

    f456c4258e3abb2cd8ed7872fb8e10515bf3838a31b21aad374e1bd28a1c5f49

  • SHA512

    b080d133f844fe92d3f3b51aa5bfc13a0c7d09b8c56c9e8fc75f86da76f98496bfcfce9bea84df853a51fb03e63b94c7198fd8e3e4f46cefa5c19971926608c6

  • SSDEEP

    49152:Qoa1taC070dWx8YAQdeC/MgqL9Q+2Ev4Q:Qoa1taC04OzS99t7

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\af92a59c5f110d0cbb84e33e34f31950.exe
    "C:\Users\Admin\AppData\Local\Temp\af92a59c5f110d0cbb84e33e34f31950.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3008
    • C:\Users\Admin\AppData\Local\Temp\E3F7.tmp
      "C:\Users\Admin\AppData\Local\Temp\E3F7.tmp" --splashC:\Users\Admin\AppData\Local\Temp\af92a59c5f110d0cbb84e33e34f31950.exe F013A72C305D2FACC4766EAFD2CD53375E8049E3C72F0B2AC9CA77D54215AD17E680724895461483FD81CEA64135DE76A5881412EF0985CDA6995734CD5F0EF2
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\E3F7.tmp
    Filesize

    1.9MB

    MD5

    4a51659a3d187e06c7611cafc6781948

    SHA1

    c5b9857c09b3a0d75f1dbe6d828b1ff629e8bfb3

    SHA256

    35026f27b4d6ebacf78b45f7ee1ec0f78846c7fcb95967995cf65d6c630a0075

    SHA512

    d5b582578582214432af0068bdb74710ddbbf92ef65088b7297063e3d0d517bfd4e8b82c5469ee673358e71cbc5f30fe61ef1388f2eb15bbfd31f4f8fdf422b3

    Download Submit

  • memory/3008-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4080-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download