Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a95e8b6fe4...fd.exe

windows7-x64

7

a95e8b6fe4...fd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 13:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a95e8b6fe4e3f000e064793ca77f57fd.exe

  • Size

    1.9MB

  • MD5

    a95e8b6fe4e3f000e064793ca77f57fd

  • SHA1

    8dd30cb81ce9b0e65127cbd552b04b3697313ddb

  • SHA256

    ab6d3e7d2343d8e36d28965ab11248a85024a07550f1221ae8fc0d00b2b3e788

  • SHA512

    730e00abfcedaa54d977bebc394d0e746f3f4b69aac493a4234644c146e5a39a7320225160c7ac3177b394588e86793b621313993436c17fbe6eac8b6f352918

  • SSDEEP

    49152:Qoa1taC070dCTp56NHtUicJODUTv60rc0v3rUi8W7y:Qoa1taC0x9SUicJODaBcI3rUiZ2

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a95e8b6fe4e3f000e064793ca77f57fd.exe
    "C:\Users\Admin\AppData\Local\Temp\a95e8b6fe4e3f000e064793ca77f57fd.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3452
    • C:\Users\Admin\AppData\Local\Temp\5294.tmp
      "C:\Users\Admin\AppData\Local\Temp\5294.tmp" --splashC:\Users\Admin\AppData\Local\Temp\a95e8b6fe4e3f000e064793ca77f57fd.exe 699210F2F0F2A133034CD4653A5FCBED9A7CBEEC3C6E14FC505C887835E0C2F8B27C97A13A14276B1EBF23CEE3DB0641700C26FC6538BA3F4CDC6E779CB3BB38
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\5294.tmp
    Filesize

    937KB

    MD5

    1e69f7b40803a1881cab44a0611a8636

    SHA1

    7862945e56fee268f9d8692d2769b99aee1562b2

    SHA256

    403490a7f995a131dbb9b118c68346b9036b7376b0fc468dc58ac1ac1709fc30

    SHA512

    04d85f2be5d39423106f894e1d4eae490019453b5e9a350af9326038241c71422cf4ed8a81ba2d00419eaf47ebaf57a55f9ef85b8ebd4e80cb8a2960725df894

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\5294.tmp
    Filesize

    445KB

    MD5

    f63873ca9f4f567fa4129945d45aa75b

    SHA1

    6b417048216b0d94e889a7a0efa9b404378f5746

    SHA256

    f3af8c3eae437247b3af9624e1b28105d5102a260e0e6049fdeca713e424e257

    SHA512

    56406f1ea84425b306a655295665b6178290ee73e3aea00d5692ca43df82b917bd907717df141cf55a34d435aa244f2b7b13dee1383cd9c22b6060cbf300062b

    Download Submit

  • memory/3248-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3452-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download