Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

73f61d5504...58.exe

windows7-x64

7

73f61d5504...58.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 06:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    73f61d55042244ac60aaedb6ff401458.exe

  • Size

    1.9MB

  • MD5

    73f61d55042244ac60aaedb6ff401458

  • SHA1

    5382cdf4bf040912684129d00bafd448ca8ce3a9

  • SHA256

    15659fa61b33fdf5d8daba9b7152a395786c622499307e275bb81d067aecf77f

  • SHA512

    d2a71b7393f47c6ca87effac2df8bc0f43f3316350afcc6cda846b39b2dc239e8b34d51cf91320a1392429e69ccdab9977b9d8c40ba2f90a5757fa285f092d57

  • SSDEEP

    49152:Qoa1taC070dfTyUCwC9mQEuI4Ot5B0O+TrHKLb:Qoa1taC0lUCwCvCNHrCc

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\73f61d55042244ac60aaedb6ff401458.exe
    "C:\Users\Admin\AppData\Local\Temp\73f61d55042244ac60aaedb6ff401458.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1688
    • C:\Users\Admin\AppData\Local\Temp\ACA.tmp
      "C:\Users\Admin\AppData\Local\Temp\ACA.tmp" --splashC:\Users\Admin\AppData\Local\Temp\73f61d55042244ac60aaedb6ff401458.exe E03AA211CF4DB63DB6356C25A5CA54759A4D2C5F570CD322BE2CA9B282879A7D01BB471FEB68E27EB2375C089D85EAF4BF205442061A405732BD52BA3152EA84
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ACA.tmp
    Filesize

    1KB

    MD5

    25908b0107c123549a7fb37004089375

    SHA1

    1195ae8798aeadb49658d0e0b1e2fc0db53e7500

    SHA256

    548c73c919ba08e4a3530ff2642904ebddade0c1e4de17e8334041538df7b2e1

    SHA512

    f8bea9d4a58795fa74f0ab4c9d84320dd119f4452808d8a5b055dd86625792b2be01a259fe616607870a0bf9c59e4e0754bab433ec68f3124689dd20e4a630c2

    Download Submit

  • \Users\Admin\AppData\Local\Temp\ACA.tmp
    Filesize

    86KB

    MD5

    3f2cf5af2ad7e737fe1b4ddc91545d2f

    SHA1

    17949188f57de9763be990a02dba9f1e7032ed5a

    SHA256

    dc09152a8b11d618628a62e1fd9b56d074816ce1af96ceffcd07fb31b4390fdc

    SHA512

    00ec5af7e8519aa17bf36fc86f6527231111d5540c38121ae1c175c885c33f0fe7c6029cba08aae81c5cbfb78786e4a02efbef11b9f16a2877aa3a736cef8f10

    Download Submit

  • memory/1688-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2412-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download