Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

847cc90ba0...96.exe

windows7-x64

7

847cc90ba0...96.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 10:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    847cc90ba046ffe817cae487e911d796.exe

  • Size

    4.2MB

  • MD5

    847cc90ba046ffe817cae487e911d796

  • SHA1

    e6898d1316b33d796bbcd849bab2a94787710762

  • SHA256

    7a5629089e62bd65038ecc4726077a2dfcfbfd3b6c72ac936f538241235203c6

  • SHA512

    3b6f43e5107f5600b49d260b65c372cfcd786414b5a6f9cd014c3462da529f8010799b709edaa073c3fe8ec074e16132534998935a2108a8fe7a0d2f6ab06799

  • SSDEEP

    98304:emhd1UryeVVHVAKC4O6dFQFO3VLUjH5oxFbxCVLUjH5oxFbx:el1gKCGVUjZEdCVUjZEd

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\847cc90ba046ffe817cae487e911d796.exe
    "C:\Users\Admin\AppData\Local\Temp\847cc90ba046ffe817cae487e911d796.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2356
    • C:\Users\Admin\AppData\Local\Temp\4BDE.tmp
      "C:\Users\Admin\AppData\Local\Temp\4BDE.tmp" --splashC:\Users\Admin\AppData\Local\Temp\847cc90ba046ffe817cae487e911d796.exe 21C32DF7F4C57B98103E5EA0DDF297655A2BC72747B404A9DF914EA98D794F1CB3A50C6F06390C8CA7B053EBFC69225C19D5FD2F15C8B36ED4AF0E64D1712882
      2⤵
      • Executes dropped EXE
      PID:4032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4BDE.tmp
    Filesize

    1.3MB

    MD5

    2e16ed7f13a61e297d282532e6c94f3e

    SHA1

    24da8e835b57181d525a5f63dd108a4cb1d93af9

    SHA256

    c14d6ec5144240652430d5a7da9d956890fb1cb5235e5ed66c2ded7a1acb833c

    SHA512

    c39b452533a8a2962e510f907128bfd41245038671a2179491de654acabe82273d4ed3a2cea3eda9f79746c36ed03ba5be33a7f97df78c63b87b960f6cb808fe

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\4BDE.tmp
    Filesize

    1.5MB

    MD5

    8313c1c16117e1af23830c0dc2574217

    SHA1

    2dee986a8077ca18a9b7ec5c46b2118b60490fcc

    SHA256

    3ea9c16522a72bcf7b41f1f745bfd394609eb611ebdb1881d58a269276434940

    SHA512

    869b59ce4694f3bc8f27af254303904055e628ca926a0b74f496ebf7c10cd2b38943137b2a5235e498c8464cd5e93860d5e4ac1ba7dd2f9de9d57d6681d9248f

    Download Submit

  • memory/2356-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/4032-5-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download