Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

f6f8bb3325...2c.exe

windows7-x64

7

f6f8bb3325...2c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 16:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f6f8bb332506dc7d7257c1cfac71602c.exe

  • Size

    1.9MB

  • MD5

    f6f8bb332506dc7d7257c1cfac71602c

  • SHA1

    faa58c230c13c3e19b5f4fb40717137d60b0f3bc

  • SHA256

    ca3265d6605a2f988a3920bf033a0da2549d7582ef762a6cd956de703b6d99e8

  • SHA512

    69ac8df59f3e68b75ac21a9d402e52429d490ffc1b376cd94dbb54f5370a956288df7e0df6ed3e90418476c4d7821dff2a19986896047a015a4ba23fc37f827c

  • SSDEEP

    24576:N2oo60HPdt+1CRiY2eOBvcj3u10dA/iD9ng+6BDb1oetiywWc+R+402YZ0ZkA6Va:Qoa1taC070dA/iv615LkWtE9oOJBW9Mi

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f6f8bb332506dc7d7257c1cfac71602c.exe
    "C:\Users\Admin\AppData\Local\Temp\f6f8bb332506dc7d7257c1cfac71602c.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2256
    • C:\Users\Admin\AppData\Local\Temp\515B.tmp
      "C:\Users\Admin\AppData\Local\Temp\515B.tmp" --splashC:\Users\Admin\AppData\Local\Temp\f6f8bb332506dc7d7257c1cfac71602c.exe 25C9668454471FAD7C191F6A6BAAFDA72E36620867644779D23A16175606CD5CFD69DA8EFFDB22F093AD2E5E815C7F7FEB12FB2F8D237BB10421BAD95FC613BE
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\515B.tmp
    Filesize

    1.9MB

    MD5

    8dba188169dd4e7a52c5d789dc07d0b2

    SHA1

    5c0c332801edb90b66d87fd0689f5fe4436cb4f8

    SHA256

    cfead0037509420c8ea11420e630d8756c51fd98781b7f5c19abfe7820e2b1ea

    SHA512

    f9716d421aeefb72e4035b9c420f85abb3499817b3f0d8022cd1835c083c9180973460eca9d22adaa2636932324a9f0801aa086571489c1914f4d5d24f9d6236

    Download Submit

  • \Users\Admin\AppData\Local\Temp\515B.tmp
    Filesize

    1.2MB

    MD5

    89d5e191a53e2c96a32374f4dcfb658a

    SHA1

    80c9f195b3d07f0c6bd016b287705b490aead8ff

    SHA256

    a176556c000a5db17af413a6b51cf2675a4d934e0734f1c3f7793066c32c05c4

    SHA512

    6a24e6b9b2e59aac8e5d614b1ad2dcad5ee7e9b44c5e354c36b972468c8621e126b33914f59696e2fc2af3be01bf8348fd1ba348731c0e95f2273e621ed34fcc

    Download Submit

  • memory/2256-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2324-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download