Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

0afebef166...eb.exe

windows7-x64

7

0afebef166...eb.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19/12/2023, 10:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0afebef1662b7c98e35215b9f8c064eb.exe

  • Size

    1.1MB

  • MD5

    0afebef1662b7c98e35215b9f8c064eb

  • SHA1

    0f7d13097edc10130dc1ec00ab8cedcd73cf02bb

  • SHA256

    18e2becfddb9389884cfcd173b33d099adacf7fd069113c6c0da088a96868245

  • SHA512

    0f854d309dcb5973fc68a902750af6aeccce2bc7e6eff17372fe156c4ca5e5ebe43f29eacbdd1ac86f68d3cba751d4aea5a060578d25cfcc3bb532a1eaddf259

  • SSDEEP

    24576:SypW9SgLNZaOdcTMuUvxIg28VZLZaVCkeZTMnV8YwiU:St9SgLNZa6xIOVQCDTMnVjBU

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0afebef1662b7c98e35215b9f8c064eb.exe
    "C:\Users\Admin\AppData\Local\Temp\0afebef1662b7c98e35215b9f8c064eb.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2640
    • C:\Users\Admin\AppData\Local\Temp\5947.tmp
      "C:\Users\Admin\AppData\Local\Temp\5947.tmp" --pingC:\Users\Admin\AppData\Local\Temp\0afebef1662b7c98e35215b9f8c064eb.exe 070824C5A15C0EB936976D836DA663D415C5BDFEE63B09122D28B5F9313BF97DC94FF5F83FC5B4D348C6A4A56698ED0DB990259D7D8CED44BB685E0E88E35CC9
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\5947.tmp
    Filesize

    446KB

    MD5

    894093cb121b75685a9253759fc8f419

    SHA1

    ebe4b6f2dd7aceb35825f6a1019c2efc12f36fa4

    SHA256

    bca80bdad39a7a90e7abec9081339df37dde8dbd6b1f37c673f0df64cfec9985

    SHA512

    d644680c1fb4204157c8323658b20a5c38aa01142c7f9f91ef764e10535310e2d7252d9715cf5e57d55d799fd7e9a29bcca09c62f1ccc911ce2f2a7be7afcdbf

    Download Submit

  • \Users\Admin\AppData\Local\Temp\5947.tmp
    Filesize

    975KB

    MD5

    0ca572bbeaa06339a73626487b5383e1

    SHA1

    eb424f81c9f5c3096922506bbcb2854013a25fe2

    SHA256

    1944d39a782179e19774f8a834f12e7ecf95b292addb1bd8bddf8073541034a7

    SHA512

    3cf5ff7e61868321d66a88e9c55b0ae0103a2bd18b0c68e12e977fbdcdb9f12bac72a168974906112152cc5162903677f08f4cb0d5787f9d2dc0ef8e2ba29c9f

    Download Submit

  • memory/1060-8-0x00000000005C0000-0x0000000000610000-memory.dmp

    Filesize

    320KB

    Download

  • memory/1060-9-0x0000000000140000-0x0000000000285000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1060-11-0x00000000005C0000-0x0000000000610000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2640-0-0x0000000001000000-0x0000000001145000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2640-1-0x0000000000170000-0x00000000001C0000-memory.dmp

    Filesize

    320KB

    Download