Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

6c04cf46bb...93.exe

windows7-x64

7

6c04cf46bb...93.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 05:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6c04cf46bb52dfbab35ec9a53df2c393.exe

  • Size

    1.9MB

  • MD5

    6c04cf46bb52dfbab35ec9a53df2c393

  • SHA1

    09b02618d7fefa550dff1f4070ad855d3956f750

  • SHA256

    ab7bcdc25afedfe46bea06a4d886e175eae6f23cd956ee0ec0601cdb056064b3

  • SHA512

    a3b6fd3ea7af51a72d50de86ff228257a6cbaefef32dc49243a26ad97679c61bc59a462984b69f2290dfe829a548ebf0cac9d8a8a9953d6123aa81bb95c15c55

  • SSDEEP

    24576:N2oo60HPdt+1CRiY2eOBvcj3u10dNvgjO84dkDnI21PSJI1L23VFZ1c9JmJlQR91:Qoa1taC070dcn02w529JmJlP8eyZ

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6c04cf46bb52dfbab35ec9a53df2c393.exe
    "C:\Users\Admin\AppData\Local\Temp\6c04cf46bb52dfbab35ec9a53df2c393.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3248
    • C:\Users\Admin\AppData\Local\Temp\514C.tmp
      "C:\Users\Admin\AppData\Local\Temp\514C.tmp" --splashC:\Users\Admin\AppData\Local\Temp\6c04cf46bb52dfbab35ec9a53df2c393.exe 6FC4354422D686AF304410A0033CAAEC2248C4CEA2BE6E56C414D58E749F34065AF6190A1C2C2E1F724DC97E6F4D05E0264C086355A6016FFC3FA67C661A017B
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:60

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\514C.tmp
    Filesize

    1KB

    MD5

    25908b0107c123549a7fb37004089375

    SHA1

    1195ae8798aeadb49658d0e0b1e2fc0db53e7500

    SHA256

    548c73c919ba08e4a3530ff2642904ebddade0c1e4de17e8334041538df7b2e1

    SHA512

    f8bea9d4a58795fa74f0ab4c9d84320dd119f4452808d8a5b055dd86625792b2be01a259fe616607870a0bf9c59e4e0754bab433ec68f3124689dd20e4a630c2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\514C.tmp
    Filesize

    57KB

    MD5

    7ff882fb898c89ec0985718631a38882

    SHA1

    effa1ff623cc7250e69972088f119fe8ac86edd8

    SHA256

    5f66e360bee542c48fe6283b3caf64d609275d0ecdbfdd50f19825f61974ad18

    SHA512

    13957f752f0a78c2c0ef36d2b2ba3a2b37de4923801e501a2cbeced586a136628c4ed5ee0246147830ecfb4441f0e7f6b452cfc91a649e3a773b2ce656be53c6

    Download Submit

  • memory/60-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3248-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download