Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a25a524932...bd.exe

windows7-x64

7

a25a524932...bd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 13:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a25a52493270ef36bc961fb726904dbd.exe

  • Size

    1.9MB

  • MD5

    a25a52493270ef36bc961fb726904dbd

  • SHA1

    1f6778e5a5b4d9bb131510c90a55e6f15985b836

  • SHA256

    da5f2d592484132b1fb2f9746a6f5af6424800097752988c15d3d4e62f679f23

  • SHA512

    682661186561a8d62fe1f55c6890d8e039edf1795083cca97deec5d47c2c2a9ce1358f7425b85c7b61820b47c9bc3c26b7eb117e8a205ef076497204d4e755fd

  • SSDEEP

    49152:Qoa1taC070dWQaIkLFatVcpMsp3PHJDVFfaT:Qoa1taC0RQaICsLAMS3flaT

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a25a52493270ef36bc961fb726904dbd.exe
    "C:\Users\Admin\AppData\Local\Temp\a25a52493270ef36bc961fb726904dbd.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3016
    • C:\Users\Admin\AppData\Local\Temp\75BC.tmp
      "C:\Users\Admin\AppData\Local\Temp\75BC.tmp" --splashC:\Users\Admin\AppData\Local\Temp\a25a52493270ef36bc961fb726904dbd.exe 0C4E94AE14E49DCED778564CF3E1B90BCA238853C22A60A50F1F82E77F1542AA2341A562DC71EDA39614C0F4714DDE157D9C9D01087AC5220DCBD275669861CB
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\75BC.tmp
    Filesize

    869KB

    MD5

    6eddc8f56d8cab7b39be37c1a053695e

    SHA1

    703269f66708dc2d0afdf502a0be21e021c84732

    SHA256

    c4806cbb10150ad36f5b73cc471ff0bf39fdfb85f457084ba50f52b6c2c2ee15

    SHA512

    3f917c75a07355075c7de5f7446a7bfff8138199a16cc7b9741459ade1b4520e8346319c243d52683d54eaffc7b548b43371dcabc00564ea9bf90cd2fb83a0c5

    Download Submit

  • \Users\Admin\AppData\Local\Temp\75BC.tmp
    Filesize

    1.1MB

    MD5

    f6aac9e0832a92e05c36e28d541358a7

    SHA1

    089e25302c8719001205efa8ba3bc47e4c898c21

    SHA256

    0a0b5c63bf5b2e0a80069fd0d329560ebafd39f3e175cd00ce7a6384f39602c6

    SHA512

    8daf73c2621ce864b3b41d9d126414c75224e68469a8092176932dc6d16a2f9c1c65f28d6cd73b75fa1e65a33c0b512a8352429e2b81892d781e4f502e79ba57

    Download Submit

  • memory/1164-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3016-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download