Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

f444795e1f...ec.exe

windows7-x64

7

f444795e1f...ec.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    170s
  • max time network
    184s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 16:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f444795e1fe2c0819a23c73ad2e30eec.exe

  • Size

    2.7MB

  • MD5

    f444795e1fe2c0819a23c73ad2e30eec

  • SHA1

    e4492a2c70c8dc1dd027e1a3a5c57782919e3a38

  • SHA256

    f2a517d3798f37f69f4848c8cdaa745e4c38830ab95a0e3315ba7ee1036e1301

  • SHA512

    3fba2e51c577b2bc70d53666e57e06b41f065f02b6e8b4d1c0a969e273df372d4bd82f491ce04f03212547c31bc9cfba965444b0615cbf826a1f20bef9fbb03d

  • SSDEEP

    49152:rvsbLvtJk8aBEobHUiZgxrR9SfFyG/Jq73X1jm+IyZBT/kjHMR9j:rkknfbHUiC9HSPMH1iEZ1/MsHj

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f444795e1fe2c0819a23c73ad2e30eec.exe
    "C:\Users\Admin\AppData\Local\Temp\f444795e1fe2c0819a23c73ad2e30eec.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1396
    • C:\Users\Admin\AppData\Local\Temp\f444795e1fe2c0819a23c73ad2e30eec.exe
      C:\Users\Admin\AppData\Local\Temp\f444795e1fe2c0819a23c73ad2e30eec.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\f444795e1fe2c0819a23c73ad2e30eec.exe
    Filesize

    53KB

    MD5

    23c879aa72f7a2b0a00494fd3a3dc60c

    SHA1

    d219e978bc6d70ff6a3c1eb8b0b01a5f521e00cb

    SHA256

    ddf88cf4e683df37f437636fd0a26979f22c43da17a4846d4528daf59cf9ca6d

    SHA512

    962bb839b08835eaa41754b5ccc37f82652016d4d61725e2d21d294175c6bf2f443eb8d526af908acdc2c274c256b0fe79a643143d45c627b1fc50229b87149c

    Download Submit

  • memory/1396-0-0x0000000000400000-0x00000000008E7000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/1396-1-0x00000000018F0000-0x0000000001A21000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/1396-2-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1396-12-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3368-15-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3368-14-0x0000000001CE0000-0x0000000001E11000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/3368-13-0x0000000000400000-0x00000000008E7000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/3368-21-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3368-20-0x00000000055D0000-0x00000000057F2000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3368-28-0x0000000000400000-0x00000000008E7000-memory.dmp

    Filesize

    4.9MB

    Download