Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

b038610eba...f9.exe

windows7-x64

7

b038610eba...f9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    20s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 13:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b038610ebae6ac3c8251436eb897e3f9.exe

  • Size

    181KB

  • MD5

    b038610ebae6ac3c8251436eb897e3f9

  • SHA1

    73f025d75063aa8b6df5329536f37b876a81949f

  • SHA256

    cca678692520109e90709bc9bd6b92db4aa96f21a63314dd03d363d99026d2d6

  • SHA512

    16c00142df6ef0ea07b06970a4df78c814b39d5a101f48ad9ef884576acfd297870a13ba9d3a623799d06bb415169a73dff8cb4bfc536e14a9abd852082d6d37

  • SSDEEP

    3072:NR2FoCu4wHbSgEcD0I1gQ/N4nK1CWeeudkIjVhHhTMjtbsoUvJmh:NSdwHWgjD0hc1zudfVh9M9soUvJmh

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b038610ebae6ac3c8251436eb897e3f9.exe
    "C:\Users\Admin\AppData\Local\Temp\b038610ebae6ac3c8251436eb897e3f9.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:3720
    • C:\Users\Admin\AppData\Local\Temp\b038610ebae6ac3c8251436eb897e3f9.usa
      C:\Users\Admin\AppData\Local\Temp\b038610ebae6ac3c8251436eb897e3f9.usa
      2⤵
      • Executes dropped EXE
      PID:2460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\b038610ebae6ac3c8251436eb897e3f9.usa
    Filesize

    72KB

    MD5

    3949c28983bc219f5b79e643f2a5740b

    SHA1

    6abdcf67af98af011fae3d9392f37946cbd1e193

    SHA256

    edbd7d087ee6bed76c65d3bd2b8d0903fa2d9c3abff2507b3e19584aba7c2a92

    SHA512

    d413f1492131acebf5f1ec66197add27db266f7d00e757b1d40adf7de395ff70862ccdb64660c5529bc8c35c06333e7cd8e71cb450e40006dd6de18bf62d3ecf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\b038610ebae6ac3c8251436eb897e3f9.usa
    Filesize

    26KB

    MD5

    c774be86e4e8427db75eb0ee2fa917e0

    SHA1

    36097de24013bd12e3955a09d05028bdb07dcd67

    SHA256

    70585fa969b61ee3409f86372aa6c367c4c3424e44318cdf45c3dfa1626bb686

    SHA512

    107060b63ccad0a0cab57c28e474e7d04d66aa2b28e5eb35645f5ba43de2ce4b1eb0377fe26cb4148b787168f6fe23e65e0e823928d4d8fa01d62f5b11450328

    Download Submit

  • C:\Windows\SysWOW64\UsaShohdi.asu
    Filesize

    16KB

    MD5

    38b043760254434476a1fd91e7701a4a

    SHA1

    d50fd195453759ff049ac3456d74bf42f4fe67ac

    SHA256

    5e8cf5240b973b8ca03c96a14621c23980d0d421b8c65e51ad1d0733ab80de4f

    SHA512

    bfa5210d0db5381c081c1516c4138758e35952651a83a03780350d0a655cbc03f3994a0a2868fd466a0892a30374a19918b643a672fb4d2339c517fe3a72ebae

    Download Submit