Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

bd3cfd9434...b5.exe

windows7-x64

7

bd3cfd9434...b5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    158s
  • max time network
    171s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 14:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bd3cfd9434cde404285cb1e8dba872b5.exe

  • Size

    1.9MB

  • MD5

    bd3cfd9434cde404285cb1e8dba872b5

  • SHA1

    03c10858c6eb6de5a36d4bd5cfb9f00349614b05

  • SHA256

    29ac9e2a57ced8b7042664ff313c53e1797d37cc13ab614e511c637cff8b858f

  • SHA512

    7ff1621628120b5473632f6691b525bfc7f6ac37cbe1aa152dab09bebff360d7a7797164bd654919f243626272e581a2c9b71b25e41834ac95f95dd379030a76

  • SSDEEP

    49152:Qoa1taC070dRN/7XnHy2myzxtVl5Tx6y64:Qoa1taC0sN/73y2rxtVl5TN64

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd3cfd9434cde404285cb1e8dba872b5.exe
    "C:\Users\Admin\AppData\Local\Temp\bd3cfd9434cde404285cb1e8dba872b5.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4032
    • C:\Users\Admin\AppData\Local\Temp\B2A6.tmp
      "C:\Users\Admin\AppData\Local\Temp\B2A6.tmp" --splashC:\Users\Admin\AppData\Local\Temp\bd3cfd9434cde404285cb1e8dba872b5.exe 75485E77BF20F4521B31A5BF429891BB332205298D2EA96EB5F5154AA010E2BC58849744DA3BF380A2BCDABF003F57646BE3C53B49B69B88A462A3AC1F1A0DBA
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\B2A6.tmp
    Filesize

    160KB

    MD5

    58c55f67e43a9655efd0ff87956b3ecd

    SHA1

    1bb35fe24c7330538f7342c412d8af6a8594e814

    SHA256

    2090fd211b38080a6c93d8f20b2994a4506b3c0db9b46e0a8e0e1fee1ea692d2

    SHA512

    06b9d1dc7cb33919e023bd7de81f88f7221d791da33a639b26fda34c36917783e328e90e0cf2f1f9185306829206f5ed45c6dcafbca680c4e146acf2ee8cff36

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\B2A6.tmp
    Filesize

    84KB

    MD5

    f54b384fb21e3d5b9bfd53495e8b1395

    SHA1

    43e3e7209752da0035bf99640befecd0756dc957

    SHA256

    77cd5c990515230310d8eb02ddafdeea5df288ece22b226fa46c1907bd233eb3

    SHA512

    9b26f231302257ad81dbec9555707ac19bdabadeb93ad0ca2e0670c6a31187eefcac6137c5333a5a8b6e9c096a66aa3863d9dbc27a63193039b7cf2693de09d4

    Download Submit

  • memory/4032-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4540-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download