Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a95e8b6fe4...fd.exe

windows7-x64

7

a95e8b6fe4...fd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 13:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a95e8b6fe4e3f000e064793ca77f57fd.exe

  • Size

    1.9MB

  • MD5

    a95e8b6fe4e3f000e064793ca77f57fd

  • SHA1

    8dd30cb81ce9b0e65127cbd552b04b3697313ddb

  • SHA256

    ab6d3e7d2343d8e36d28965ab11248a85024a07550f1221ae8fc0d00b2b3e788

  • SHA512

    730e00abfcedaa54d977bebc394d0e746f3f4b69aac493a4234644c146e5a39a7320225160c7ac3177b394588e86793b621313993436c17fbe6eac8b6f352918

  • SSDEEP

    49152:Qoa1taC070dCTp56NHtUicJODUTv60rc0v3rUi8W7y:Qoa1taC0x9SUicJODaBcI3rUiZ2

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a95e8b6fe4e3f000e064793ca77f57fd.exe
    "C:\Users\Admin\AppData\Local\Temp\a95e8b6fe4e3f000e064793ca77f57fd.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:816
    • C:\Users\Admin\AppData\Local\Temp\1AC1.tmp
      "C:\Users\Admin\AppData\Local\Temp\1AC1.tmp" --splashC:\Users\Admin\AppData\Local\Temp\a95e8b6fe4e3f000e064793ca77f57fd.exe 77F835975818F0726B83EBD117C3B389C21D7212683A2EEA43DD56BF0548C92841CA56FCE3424C712847D9DF84689B05C45037985E9BD560DCED49FD1F736B51
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1AC1.tmp
    Filesize

    1.0MB

    MD5

    7a47ec901dcd4759e2ae2161e3bc0fb7

    SHA1

    c0eb4a5160fff07de13999bd9cc42fecb4b459ab

    SHA256

    72f851ac697b4e62456e0412a4f29c7a09d61e3c7991945993f6694ff4329d1d

    SHA512

    c3e2673eb3a92032080bc4f9ddb39d4ef3cb6a72238e8acef66ce4207e98a07e36c2eed4a4575c44519b7963cd2bb8c3dcfe35393273bc3d13e1650daa123524

    Download Submit

  • \Users\Admin\AppData\Local\Temp\1AC1.tmp
    Filesize

    1024KB

    MD5

    917cb16c55486e596cdc88a86c3a2feb

    SHA1

    31ebc3072ed216175168b2f3b9c87147fd7c8ea6

    SHA256

    2d0f1da0e7d045d155a6d22e51f2dc1d9553c5a7e4920e5ebd9ef5a3f2a20e24

    SHA512

    a3f1c3031f2dcffe9054927a94e4d478674f9715174a9f2d1bbbefbeab1c8b22bc96cc6bb81bccfa079769f0a2f8662defc2ab90e3ef148786d6ffc9f8e47621

    Download Submit

  • memory/816-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1592-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download