Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

c02183a58e...c8.exe

windows7-x64

7

c02183a58e...c8.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 14:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c02183a58e986cd8af8352d2a97748c8.exe

  • Size

    1.9MB

  • MD5

    c02183a58e986cd8af8352d2a97748c8

  • SHA1

    c150ed711f3daeb485637c58d51ceb364be6a190

  • SHA256

    475f1fd121039549be032678e3d5f07cfce5461609374aba86121c088c736186

  • SHA512

    9b55980f3356ca75266ec261af7dc2e8dff3e594928f8d2f5f269c1791444133197953e6e20fe63a0302cbd4be7629594cbf02041cf843a1e1a15cb498874b46

  • SSDEEP

    49152:Qoa1taC070dnXBqV+eHzKeDzRigUYuvHZzmzH:Qoa1taC02qV+eTKwzRBUYqk

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c02183a58e986cd8af8352d2a97748c8.exe
    "C:\Users\Admin\AppData\Local\Temp\c02183a58e986cd8af8352d2a97748c8.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2952
    • C:\Users\Admin\AppData\Local\Temp\4A76.tmp
      "C:\Users\Admin\AppData\Local\Temp\4A76.tmp" --splashC:\Users\Admin\AppData\Local\Temp\c02183a58e986cd8af8352d2a97748c8.exe 674E9855F6563E3AF5C656D473BAE226991B5A838992DC8FD79AA27B70CE57206EC0C778A595FBD4F3AA71EB05F8C104A1163FFAA95A529433FBE29E08CCB14E
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4A76.tmp
    Filesize

    588KB

    MD5

    68ee22a62bd364f942723fa15c6f8dc8

    SHA1

    2922fcd5f5c6c58d0e0fb0997ce7dc354788e130

    SHA256

    73f4e6e1bc9695f312cabd21ecd9716d6a4cc98cae58c03a9a59b42e8a59dbea

    SHA512

    acbd0831277cc7198ecc65b890d315f4491dd37fe4ca7ebd98a28e5a926cec60f23732cf9a9b4b8c5d4a57361ea725a59d602b2bbb44c6c77ce5cc732c960a61

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\4A76.tmp
    Filesize

    600KB

    MD5

    93e5198ca37fde04c02d7412c9954688

    SHA1

    00fd2445a163105ce05d27db860867d4486b28f6

    SHA256

    34f0527c2cce96b0adad830a5f97a971cf47ae46f188de6f090d8be9b8d9d5ed

    SHA512

    fee63c8600c33ee7973203e6f633a7f6ba1c4b33e02a7d921c4dffa0780578a90f1a38008d54f563cd235c154038eac6d3f4aeeba97dd58dddb1acbba1f61b5c

    Download Submit

  • memory/1756-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2952-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download