Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

9ded71f6c5...12.exe

windows7-x64

7

9ded71f6c5...12.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 13:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9ded71f6c57ef668ba0100372cfe5812.exe

  • Size

    1.9MB

  • MD5

    9ded71f6c57ef668ba0100372cfe5812

  • SHA1

    3b48bd14fdf39e3575ed080aa288c50b246b38e2

  • SHA256

    f50888a3c4f9133a8d49c157a62ef218c9cb44ebde8b4ca9b1b0fb05916ee7cc

  • SHA512

    32693af2227fdecd03ce8fe56e7e0168f372b827119c55aa29ebd6b88ee12382ea1f56c9b4f91de68dd3903081e3d894b565728663463cebed7a35b65f8db5d8

  • SSDEEP

    49152:Qoa1taC070dolOKq+SZu1606cAmsi+pck5Nnp6ZJMX:Qoa1taC0dOqSZjiOdOMX

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9ded71f6c57ef668ba0100372cfe5812.exe
    "C:\Users\Admin\AppData\Local\Temp\9ded71f6c57ef668ba0100372cfe5812.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2524
    • C:\Users\Admin\AppData\Local\Temp\3BF7.tmp
      "C:\Users\Admin\AppData\Local\Temp\3BF7.tmp" --splashC:\Users\Admin\AppData\Local\Temp\9ded71f6c57ef668ba0100372cfe5812.exe 2A5EF2219C5EADB22A6537544D49E9EE3E8219E3CEC48CC1CE4BADBE1DF7957D3F70C43FBA247AB476AC97CC09141567E898E4D54CEBCDE97B50F186679FB3D8
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\3BF7.tmp
    Filesize

    160KB

    MD5

    fa285c7e37a5788816d52c93ac8caedf

    SHA1

    0083d76031d6a192a0710f969c1e9b02dc337a73

    SHA256

    1a60802be54f42fc227c640cc86850276e8d05298cedeb8801f72ba1eef064bd

    SHA512

    a413edc957eebd01fdc548b2a7e3948ad5d458a594af7195a1917ab5e3ec0a5ae538a97186dbd87b6f1c5a108a1af14e5f646c03807b2db5b52f2fa980dee676

    Download Submit

  • \Users\Admin\AppData\Local\Temp\3BF7.tmp
    Filesize

    768KB

    MD5

    039acfd74e08fafe9d4a07271b1ce0d2

    SHA1

    95c26e791bece08dfa70157aa9b8653e4e1af7eb

    SHA256

    e581782d68a5d07bc776b53758c2d3f03cf375f42ba833c760b069c86d9cbaf1

    SHA512

    8a29de7edfe472896535922aa50a05460d8e758dc2b79eeab68a6f839debd5a7d46d864e883f4e78d3dadb728d43d11d089b4293be632db536f2f4b844866437

    Download Submit

  • memory/2524-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2900-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download