Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

27d2ab0ec4...44.exe

windows7-x64

7

27d2ab0ec4...44.exe

windows10-2004-x64

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19/12/2023, 12:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    27d2ab0ec4569dd208d11bf8f8c99c44.exe

  • Size

    1.9MB

  • MD5

    27d2ab0ec4569dd208d11bf8f8c99c44

  • SHA1

    8ca6633429b37c7af9d45b0272d5bbf09151239d

  • SHA256

    232279868a157e104f02cfa8a2430e9a81dc09301bde1c6b05761af40dc812c3

  • SHA512

    078fd939ed535d6ce02a486184f6991c2ccc523e564c62d771147bb34ab4111b8369093ab11cfe44910a2e4d4d4b86ffb6079b5e768c29b31bcc5f588bf741b5

  • SSDEEP

    49152:Qoa1taC070dLLsCd/1//qke/bMkU1FD/wYLrWcUgwYF:Qoa1taC0wl+uTU8

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\27d2ab0ec4569dd208d11bf8f8c99c44.exe
    "C:\Users\Admin\AppData\Local\Temp\27d2ab0ec4569dd208d11bf8f8c99c44.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2300
    • C:\Users\Admin\AppData\Local\Temp\1758.tmp
      "C:\Users\Admin\AppData\Local\Temp\1758.tmp" --splashC:\Users\Admin\AppData\Local\Temp\27d2ab0ec4569dd208d11bf8f8c99c44.exe EEB957F7220BBA669E26D5D4B9E6087168703BD5BE0D8A105B395C48AEFB5E5E5ACBBB2E84CB823807A72FA6CA83276E95046BCEE08D54B933DE54C3270CC52B
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\1758.tmp
    Filesize

    1.9MB

    MD5

    03736061d5b68fa0a21ac88716a65891

    SHA1

    ea86f66142d61a27b27b164ff1d9a60e2128f069

    SHA256

    af2879cf8d098dd5d6a426b6adccfa3ddee038726808c187a85ea46620a72b70

    SHA512

    649d17c7830bb9074f084c8d6b070863181623e8003b70439abe98e5b72c05a67d096cdb7bc9a5710a8334dcaa183508f7b5bdef94dabcc94b7a64aa87c78102

    Download Submit

  • memory/2300-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2360-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download