Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

0c2f6769d0...06.exe

windows7-x64

7

0c2f6769d0...06.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    138s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/12/2023, 10:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0c2f6769d0768ec720ae27a7f2f1ff06.exe

  • Size

    3.1MB

  • MD5

    0c2f6769d0768ec720ae27a7f2f1ff06

  • SHA1

    dd0ac92a2469db77758c26df210f73840176871d

  • SHA256

    ef85cbb5f5bdcd6ccbf87215411ca2ac8b0432b248668db03dcb9c3fe53b2561

  • SHA512

    53b3c4c2e906b264c7700ea7fdf5b77a4eafe2a838a46fd10f2921e5ea9ce0760ec603035ab96369e12be24c340136b43843e29d9ec767ad1179eec6ff3b0c7d

  • SSDEEP

    98304:5mSWOiIyUo9qnLE3AHxVt7fR1ySchkGluyuAVLUjH5oxFbxx:5XCkLE3AR/fqNhtluyuAVUjZEdx

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0c2f6769d0768ec720ae27a7f2f1ff06.exe
    "C:\Users\Admin\AppData\Local\Temp\0c2f6769d0768ec720ae27a7f2f1ff06.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3336
    • C:\Users\Admin\AppData\Local\Temp\4825.tmp
      "C:\Users\Admin\AppData\Local\Temp\4825.tmp" --splashC:\Users\Admin\AppData\Local\Temp\0c2f6769d0768ec720ae27a7f2f1ff06.exe 71DF070D654872E8712FE73EE85B7BFFF5C85448E607A6D43E09CBA18795FC5E23964C25A3F6BAE813884C4751DC6BA87440ED1269E1E45B55B6A968799F5AC0
      2⤵
      • Executes dropped EXE
      PID:3828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4825.tmp
    Filesize

    2.1MB

    MD5

    1aaf2057cab1a52491e3944a9e480708

    SHA1

    bb6f039db9fd2182db91132b7784db0d6bab7717

    SHA256

    2a1a9353f2b8f6fa9d08c4bb33dd5fdaa2e2950d3fc4f6401deba73713d78d22

    SHA512

    31fc80f3b2063f2b7f989bcfcfde8d1e0482cd1b18cbca1c96b36c216b559edd00b9e3ea420c12b663b09e5bd3996f30b048b928bc93d75000d4c92ada22114e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\4825.tmp
    Filesize

    1.9MB

    MD5

    5990b6587e2965c03c6de1277a00585a

    SHA1

    1c2fb7c89e629fdc8dca26931cf8295db95b738f

    SHA256

    4eecb7e752926b874bcc0213db206f4b22618269716bfcdb4c7d32bb2267f9c1

    SHA512

    2ad6e58edb3a19563ceab0f0cc7071e7523320e244f2c5ca765a33ad502c2bc0157ea57416475250628c740e0ed59df55a776ccf07d671e286a0924cdf677cd1

    Download Submit

  • memory/3336-0-0x0000000000400000-0x000000000071F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3828-5-0x0000000000400000-0x000000000071F000-memory.dmp

    Filesize

    3.1MB

    Download