Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

73f61d5504...58.exe

windows7-x64

7

73f61d5504...58.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 06:03 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    73f61d55042244ac60aaedb6ff401458.exe

  • Size

    1.9MB

  • MD5

    73f61d55042244ac60aaedb6ff401458

  • SHA1

    5382cdf4bf040912684129d00bafd448ca8ce3a9

  • SHA256

    15659fa61b33fdf5d8daba9b7152a395786c622499307e275bb81d067aecf77f

  • SHA512

    d2a71b7393f47c6ca87effac2df8bc0f43f3316350afcc6cda846b39b2dc239e8b34d51cf91320a1392429e69ccdab9977b9d8c40ba2f90a5757fa285f092d57

  • SSDEEP

    49152:Qoa1taC070dfTyUCwC9mQEuI4Ot5B0O+TrHKLb:Qoa1taC0lUCwCvCNHrCc

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\73f61d55042244ac60aaedb6ff401458.exe
    "C:\Users\Admin\AppData\Local\Temp\73f61d55042244ac60aaedb6ff401458.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1688
    • C:\Users\Admin\AppData\Local\Temp\ACA.tmp
      "C:\Users\Admin\AppData\Local\Temp\ACA.tmp" --splashC:\Users\Admin\AppData\Local\Temp\73f61d55042244ac60aaedb6ff401458.exe E03AA211CF4DB63DB6356C25A5CA54759A4D2C5F570CD322BE2CA9B282879A7D01BB471FEB68E27EB2375C089D85EAF4BF205442061A405732BD52BA3152EA84
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ACA.tmp
    Filesize

    1KB

    MD5

    25908b0107c123549a7fb37004089375

    SHA1

    1195ae8798aeadb49658d0e0b1e2fc0db53e7500

    SHA256

    548c73c919ba08e4a3530ff2642904ebddade0c1e4de17e8334041538df7b2e1

    SHA512

    f8bea9d4a58795fa74f0ab4c9d84320dd119f4452808d8a5b055dd86625792b2be01a259fe616607870a0bf9c59e4e0754bab433ec68f3124689dd20e4a630c2

    Download Submit

  • \Users\Admin\AppData\Local\Temp\ACA.tmp
    Filesize

    86KB

    MD5

    3f2cf5af2ad7e737fe1b4ddc91545d2f

    SHA1

    17949188f57de9763be990a02dba9f1e7032ed5a

    SHA256

    dc09152a8b11d618628a62e1fd9b56d074816ce1af96ceffcd07fb31b4390fdc

    SHA512

    00ec5af7e8519aa17bf36fc86f6527231111d5540c38121ae1c175c885c33f0fe7c6029cba08aae81c5cbfb78786e4a02efbef11b9f16a2877aa3a736cef8f10

    Download Submit

  • memory/1688-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2412-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.