Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

6143eb7a04...49.exe

windows7-x64

7

6143eb7a04...49.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    89s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 04:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6143eb7a0403e059855c461b207b4f49.exe

  • Size

    444KB

  • MD5

    6143eb7a0403e059855c461b207b4f49

  • SHA1

    a0b1fecfcac66c8424c89b39f8b6bcc41642e3bb

  • SHA256

    8734f3c8ce12a353ae36fff147c6904d51cb4c21bb1ef430995ba3ae46262660

  • SHA512

    990dc56a9ad07259da0a9347a090530e662d23df5e01723ee311d6d3a01aefca8a90af873d1dea5b560014bfa34004f60e73f07e3ed92003f6c93051ae7556b9

  • SSDEEP

    6144:MTykDONo0jv7IoPfeq1ZzxRJbL7f5LAh36rSLL64j7W4+yQrOx5Yszv8a+rHICRp:MLry/neyx7f/A64j7P+tixhT8a+rHICH

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6143eb7a0403e059855c461b207b4f49.exe
    "C:\Users\Admin\AppData\Local\Temp\6143eb7a0403e059855c461b207b4f49.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1408
    • C:\Program Files (x86)\bsfapresk\sbanidaojomrfv.exe
      "C:\Program Files (x86)\bsfapresk\sbanidaojomrfv.exe"
      2⤵
      • Executes dropped EXE
      PID:4564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\bsfapresk\sbanidaojomrfv.exe
    Filesize

    235KB

    MD5

    070f104a8f6180adc0a2667af2847fa3

    SHA1

    bac3ef1db122b41bd20c0ce96b0d5308bc5fc7f2

    SHA256

    d367088bed119c3657bee90edb2c1ae54bb687e41ee872b27ab9fb46ba5a073b

    SHA512

    de686e2f4420c6a7acf93c6f645d2e236c0cd383fa5473ab525774002ccb142a7c5c01ddb8ca5fdec12cca624185b64a020ba27d9632d5503d2314276f7876ec

    Download Submit

  • C:\Program Files (x86)\bsfapresk\sbanidaojomrfv.exe
    Filesize

    196KB

    MD5

    b8a0d5b59ff8160b0d4e613da8954645

    SHA1

    1aec6d854e9c139e59753ae7ac9eb3c0bc55649f

    SHA256

    a1977eef6b2adae1e32fa65879f19638f62b24b7a172ec33d2383e86ffb987d2

    SHA512

    bdae03a85159feb329ff09677427dd13db764937c28178dedf875b98e45686f0d78b53f5cd39ec9fac1685f53227aa57bc79e9bb13578a7d8a41ed026726f439

    Download Submit

  • memory/1408-0-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/1408-1-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/1408-6-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/4564-7-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/4564-8-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/4564-9-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download