Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

18e2bc1143...89.exe

windows7-x64

18e2bc1143...89.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    96s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/12/2023, 11:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    18e2bc1143252d739b093d0cca638c89.exe

  • Size

    1.9MB

  • MD5

    18e2bc1143252d739b093d0cca638c89

  • SHA1

    71ea15daf3f8aec3eb96f13d96f14221eaacd3c0

  • SHA256

    7214201a581a08db100c662f2d0c5c526f186680b0ab2d933ec6d986de80e817

  • SHA512

    b20d366f890d2983f95f51a670bad6b1d8a544ef4efb4c758db443700e75f5d61fd9fa5d4aee4c6fcf98b88a2338b03a0101520e768c67fce0b806dab0e3d58f

  • SSDEEP

    49152:Qoa1taC070dsVb7hwi7+Lxv+QW89Kct8jK+Bpp:Qoa1taC0ceixmQQrKM

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\18e2bc1143252d739b093d0cca638c89.exe
    "C:\Users\Admin\AppData\Local\Temp\18e2bc1143252d739b093d0cca638c89.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4428
    • C:\Users\Admin\AppData\Local\Temp\4779.tmp
      "C:\Users\Admin\AppData\Local\Temp\4779.tmp" --splashC:\Users\Admin\AppData\Local\Temp\18e2bc1143252d739b093d0cca638c89.exe CF97691AABCFAB89719FBA0859893ABFB4104CEA9DFE675D4B4E32EB1EA0A26FB4E9B9A01B606861CE51DD672A50CAA8F434FA5380BE3B461CBFC83A003EFBF4
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4779.tmp
    Filesize

    1.9MB

    MD5

    c6f53f5f1a7ba24ee43ce9c0b38e89f9

    SHA1

    ad12a163196d2c218fc96ff4373e4bfcd6565068

    SHA256

    8dc449264f39d7cc9caea2311fc49ccae17afabbef3792fca999b2f49d8df1ad

    SHA512

    0fd72d7ae526f7934b0ded64a95ca1ff74405a566f77f2888f42c525cf1567be61f46c8c46b30d87f32b3687b90f9304f9bb4c28b18fe0b1c53abe3c836b3151

    Download Submit

  • memory/1368-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4428-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download