Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

aa75288db6...7e.exe

windows7-x64

7

aa75288db6...7e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    138s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 13:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aa75288db6ec1c283499248d40d2d77e.exe

  • Size

    1.5MB

  • MD5

    aa75288db6ec1c283499248d40d2d77e

  • SHA1

    60825864d90612c73030fa3c771ce25cef734cd3

  • SHA256

    c2f7daab60ba583ced665a371b913ce6eebb32c07bc894e01e9f41c2039a5abe

  • SHA512

    cf4f1b3376588d73d78766b60b720595ecbe3656a30fbb2c473f5d1b7dc16554dd2c72a5399337cb46a71a9cb1495bb0fa0bbe6de303cdd6f548ab05e0a73254

  • SSDEEP

    24576:mRXThNhKWFHT4g67qi/2WTQZaY5GoLhm4/xqBu0+9+ty/KW:AnKWFHMR7uWTQDGoL7xqBEgty/K

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aa75288db6ec1c283499248d40d2d77e.exe
    "C:\Users\Admin\AppData\Local\Temp\aa75288db6ec1c283499248d40d2d77e.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4012
    • C:\Users\Admin\AppData\Local\Temp\aa75288db6ec1c283499248d40d2d77e.exe
      C:\Users\Admin\AppData\Local\Temp\aa75288db6ec1c283499248d40d2d77e.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\aa75288db6ec1c283499248d40d2d77e.exe
    Filesize

    225KB

    MD5

    547197a4bc244efad0ff72afcee0cf3d

    SHA1

    97fb09f591d6e91885f5bb97e9ed511c193a6cb7

    SHA256

    3fa94bf2bc4d76fcb4065ac50aabea9595db72c7da2152365551471e6203fc99

    SHA512

    1f74a26a83cece9d453f95f0afddead059b3286f79e6c1382afd4c3471d961317c0ac15990f098965659a5e07b60b4e095f4601415bf61ef756cb4d2cbbe314d

    Download Submit

  • memory/4012-0-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/4012-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4012-2-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/4012-12-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/4632-13-0x0000000001D40000-0x0000000001E73000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4632-16-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/4632-20-0x0000000000400000-0x000000000061D000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4632-14-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/4632-21-0x0000000005640000-0x000000000586A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/4632-28-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download