Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

9374ca4154...12.exe

windows7-x64

7

9374ca4154...12.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 12:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9374ca415443e99ad29fd646b4ab6312.exe

  • Size

    353KB

  • MD5

    9374ca415443e99ad29fd646b4ab6312

  • SHA1

    c3ac1b6fbd17eef29158ddce3455c1789e8617f4

  • SHA256

    898b92b4faaa6403e96d7e4177990d62e59e734fb02be83a7de654b428879a9c

  • SHA512

    49878aa18d83adce7ce82e55343e295adade3ba74335d986c9a0a6d76e9323844353e12df27c5933749d95bcfa7ef453c55637c7c04227d90976dcbe94c83538

  • SSDEEP

    6144:H5xAZ2q3eaisJ3+w9auAB723qd2x2AXXuuVSUnj41/YdxfsLPrPwo+:IaTYuw9aBWeA2L1Unj4VYTfmE

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9374ca415443e99ad29fd646b4ab6312.exe
    "C:\Users\Admin\AppData\Local\Temp\9374ca415443e99ad29fd646b4ab6312.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2164
    • C:\Users\Admin\AppData\Local\Temp\9374ca415443e99ad29fd646b4ab6312.exe
      C:\Users\Admin\AppData\Local\Temp\9374ca415443e99ad29fd646b4ab6312.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\9374ca415443e99ad29fd646b4ab6312.exe
    Filesize

    353KB

    MD5

    2fd66109b36ab11051002f5e63383f2c

    SHA1

    c0efadad421b06ba33b274926581be6cd92973c2

    SHA256

    dce541dc21b7b13268be9fdb5d0381cf2dcda9094f00a84d7b66525db541cfc8

    SHA512

    6107435d64324aab465a02d51d184f766229d76f1e7c5d4dc1348c0f0d630e2c24bc16b5ac517b2f5af75a39e497e10f61517d7a285ff6759312daee914e2196

    Download Submit

  • memory/2108-17-0x0000000000170000-0x00000000001A3000-memory.dmp

    Filesize

    204KB

    Download

  • memory/2108-18-0x0000000000400000-0x0000000000450000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2108-23-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2108-26-0x00000000002B0000-0x0000000000300000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2108-30-0x0000000000400000-0x00000000004F1000-memory.dmp

    Filesize

    964KB

    Download

  • memory/2164-0-0x0000000000400000-0x00000000004F1000-memory.dmp

    Filesize

    964KB

    Download

  • memory/2164-1-0x0000000000170000-0x00000000001A3000-memory.dmp

    Filesize

    204KB

    Download

  • memory/2164-2-0x0000000000400000-0x0000000000450000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2164-15-0x0000000000400000-0x0000000000450000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2164-12-0x0000000002E60000-0x0000000002F51000-memory.dmp

    Filesize

    964KB

    Download