Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

14c8d2e35f...d8.exe

windows7-x64

7

14c8d2e35f...d8.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/12/2023, 11:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    14c8d2e35f0bb3d2e6836215c525b0d8.exe

  • Size

    1.9MB

  • MD5

    14c8d2e35f0bb3d2e6836215c525b0d8

  • SHA1

    08969edf416d92471e0f0fedaed08d89f7403457

  • SHA256

    b7c698e144261026db338bdc519cebbd7f94f4eb727e2af83196b48fec8927c6

  • SHA512

    5edd26886c935665b883a99ea4027c2890dc06253fb390f00fb25ec87be61305c0c50a4307a0ce9c8c696748281e2e4eb4c26ca976aa240c9f1df88f08653710

  • SSDEEP

    49152:Qoa1taC070dU83peDSHjfpp2Eo7DRMZj8EY:Qoa1taC0T+7Bo79kbY

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\14c8d2e35f0bb3d2e6836215c525b0d8.exe
    "C:\Users\Admin\AppData\Local\Temp\14c8d2e35f0bb3d2e6836215c525b0d8.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2120
    • C:\Users\Admin\AppData\Local\Temp\7455.tmp
      "C:\Users\Admin\AppData\Local\Temp\7455.tmp" --splashC:\Users\Admin\AppData\Local\Temp\14c8d2e35f0bb3d2e6836215c525b0d8.exe B09625968C79BEDE29FF2B2A95C5584585796631A1123DA1699BE73717D121E51E46729AF2C9D545E69E5ED047DEE681B1178719B6440B0564E796E0DEB44638
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4120

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7455.tmp
    Filesize

    900KB

    MD5

    0266898a2bc72d9c4213995c9f365782

    SHA1

    d368add897b810107fcd0c44dfad2092bb3c3122

    SHA256

    ccc308e99a2c72c1609e4b0a1f88d259b1bfab570b2cce554761113d76ac6438

    SHA512

    aef962594f2a8ad40f52181078b08e3f0e7cb5c8b100024524a771151410095b42b459148252b517d41c1aa07e4581b2d52cedcc2d011ca4f7af85a17744e37c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7455.tmp
    Filesize

    1.9MB

    MD5

    b5416866092f11d5252c0ac5475e1196

    SHA1

    4f07d30eeb603ebbff75be87bb90cfbf67d9857b

    SHA256

    6d6239386b669b69c376c3a6ba0cec694c0980a31197ab57bc93e265b04cf536

    SHA512

    39407b292e60aafba6f885c1a83489a4183979ad58bcc1267db058f2f34e4e699ec2647590788f57d0fe63b35f9e292bb8507fd65fdd43a9fe237a67118576b4

    Download Submit

  • memory/2120-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4120-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download