Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

fcc4d77dd8...1a.exe

windows7-x64

7

fcc4d77dd8...1a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 17:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fcc4d77dd895ae252ddd6ba1fc4fcb1a.exe

  • Size

    1.9MB

  • MD5

    fcc4d77dd895ae252ddd6ba1fc4fcb1a

  • SHA1

    45816767911cf92d551b64836e6141a3a0b7be76

  • SHA256

    81e22c130ade7c83d432a9e5f18cca1eeacbdb9e094a1ca3d772c4db36be6ec4

  • SHA512

    cefba65e91a2ecca6dda9b965e4f0840d1cf15d02d9d7268f1d26aee7f030ef1015b5a2d6ed3d55057f123f2f4fc269443dca4eabb5326d020cb560cb15e854a

  • SSDEEP

    49152:Qoa1taC070dxVw+8lWdQ9WGfKzxrVxlMG:Qoa1taC0298oaW0Oz

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fcc4d77dd895ae252ddd6ba1fc4fcb1a.exe
    "C:\Users\Admin\AppData\Local\Temp\fcc4d77dd895ae252ddd6ba1fc4fcb1a.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1060
    • C:\Users\Admin\AppData\Local\Temp\49AB.tmp
      "C:\Users\Admin\AppData\Local\Temp\49AB.tmp" --splashC:\Users\Admin\AppData\Local\Temp\fcc4d77dd895ae252ddd6ba1fc4fcb1a.exe 4453B07EC65A2F80CDF67BF94B36358130872B5319EAB0A45406C78272D3DAFB76D62F63AE698E64BA28F21C594E7B4BB5A90562CE97400C89EBF3B931EC6E3A
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\49AB.tmp
    Filesize

    293KB

    MD5

    07ebefa52806b6931bd0a6651c521af5

    SHA1

    e1fbf78e346c9e94201ead75ff4b33cda04de61e

    SHA256

    44ab0f8d1c3410507ef42e04faa7325250acd9b8651b0eda2101d4d3b56c9d26

    SHA512

    6f6c18e8c8758e463836397b582b228c56002ad02a9b8c0a109741bfc2df749e07953c63158528e7e3d758a2ea27d5dd1db7fbf4dba822a89a83357d4b29395b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\49AB.tmp
    Filesize

    118KB

    MD5

    95afde7bc1ebf6e1012e1c84d03f33aa

    SHA1

    c5add8ed09ab399975f52e4804e13e10ed984b05

    SHA256

    f381da029f21ed6ef74a0ae234cf8142f33109072b49a0ab0f88be9ab548a518

    SHA512

    4e44ca5495dd42c7b0030086a2ee08751a313111c0fcca3f8b1da748e6aa44b7f81540241dc1e8b5940a633315320dc4bc48e96c1352446a96c55f9546a13201

    Download Submit

  • memory/772-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1060-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download