Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

9ee4059d1c...af.exe

windows7-x64

7

9ee4059d1c...af.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 13:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9ee4059d1c9ae9597e4623aa54eac9af.exe

  • Size

    1.3MB

  • MD5

    9ee4059d1c9ae9597e4623aa54eac9af

  • SHA1

    a6a8f547cfb9c2eaa21651cd90ec17b7b6065c80

  • SHA256

    c6eaebad13292d911cf4aa9b576d4f6d56ee7132ff1d425eae109de557f9152f

  • SHA512

    71ece6adf20fdb553981a0b5880f3abcfdf8c6a94049eec800a215e543834a95d31082e3dc8f93cc1f387298a02282c7c83f04ce356bf55b63dafc2830179033

  • SSDEEP

    24576:gQOJ5rL4avAzWXNVCQG4QWaTli9cNSFlIjpjpKj1RjVb2bUj8Kr0vG:2dLR3VFmJidFlQNKBLAo8K

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9ee4059d1c9ae9597e4623aa54eac9af.exe
    "C:\Users\Admin\AppData\Local\Temp\9ee4059d1c9ae9597e4623aa54eac9af.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3048
    • C:\Users\Admin\AppData\Local\Temp\9ee4059d1c9ae9597e4623aa54eac9af.exe
      C:\Users\Admin\AppData\Local\Temp\9ee4059d1c9ae9597e4623aa54eac9af.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\9ee4059d1c9ae9597e4623aa54eac9af.exe
    Filesize

    21KB

    MD5

    befdce6cf9e13be0788797a53e30b3fb

    SHA1

    e70cc94289ae2d76b848e0bd6b0183246b00a2db

    SHA256

    768a3ef1cfb944fd0d8cfff1b0f495df69d9c46ae5d4f595cabe73c012371d37

    SHA512

    e5f9c6575232319b9530296f89e9b70bf22fe6361950480ac3ca54f3955cbbeab3c8a41750fbb89e9da9edfc969665a01937017daa3b860e6755389577c27962

    Download Submit

  • \Users\Admin\AppData\Local\Temp\9ee4059d1c9ae9597e4623aa54eac9af.exe
    Filesize

    832KB

    MD5

    a3c8b19bdcd2e20921c8aef7157ec42c

    SHA1

    61c5ea24b469d6b83dc47ff3043a798e7d237285

    SHA256

    3d7c449539a55d1133ec01cfc11abddb12fac3f91e0f4c576d44403812623ff4

    SHA512

    35f2806f9e4ecbc8bccd39817b273b3d78b0cc386b9b9ee98ec84ce08b1ec709180cc41a0e6078ffcdbc85f82d0541c87f30fee4de3b9295ea96286edae0bc94

    Download Submit

  • memory/2680-18-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2680-20-0x00000000002B0000-0x00000000003C2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2680-17-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2680-26-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/3048-0-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/3048-1-0x0000000001A60000-0x0000000001B72000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/3048-2-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3048-16-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3048-15-0x00000000033F0000-0x000000000385A000-memory.dmp

    Filesize

    4.4MB

    Download