Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

f113f29e4c...0a.exe

windows7-x64

7

f113f29e4c...0a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    1s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/12/2023, 06:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f113f29e4c87962d9ac5f4df6e4203ec24ab28bab1af564a22e80f7461a4f70a.exe

  • Size

    9.9MB

  • MD5

    967a211c475579fa4ccbd8c8ce9b03f9

  • SHA1

    8be6abd050aed176d4f9772501acdde3f22ac95f

  • SHA256

    f113f29e4c87962d9ac5f4df6e4203ec24ab28bab1af564a22e80f7461a4f70a

  • SHA512

    e793194fd87598f6a594e746f279a9b61d82942ba788f9eb37b83c7fe745ae05ec51c6e8f4e579b0700d674bf1556b9893446dca88cc323411114bca5559f7f6

  • SSDEEP

    196608:EYl21W903eV4Q2tpDjIIAcwD/au5p0W8/LQhoANNERPEvvk9LIL:JcW+eGQi9jo/au5qW80hoA/EZk

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 10 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f113f29e4c87962d9ac5f4df6e4203ec24ab28bab1af564a22e80f7461a4f70a.exe
    "C:\Users\Admin\AppData\Local\Temp\f113f29e4c87962d9ac5f4df6e4203ec24ab28bab1af564a22e80f7461a4f70a.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4600
    • C:\Users\Admin\AppData\Local\Temp\f113f29e4c87962d9ac5f4df6e4203ec24ab28bab1af564a22e80f7461a4f70a.exe
      "C:\Users\Admin\AppData\Local\Temp\f113f29e4c87962d9ac5f4df6e4203ec24ab28bab1af564a22e80f7461a4f70a.exe"
      2⤵
      • Loads dropped DLL
      PID:60

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI46002\VCRUNTIME140.dll
    Filesize

    61KB

    MD5

    aec3d27ce4a1245930c9632356a524f1

    SHA1

    76c0905c353bc7fe589c1cd018fac35c4e8cac02

    SHA256

    1d423a2d14e73b0190df89261c336a667111abc1c702f6abfb886a668f7273f5

    SHA512

    e3ead704735d4f45908242b4b23554127f5dfeb4452f7ef8becdb95c713c2e1b3cc66b077ed0d8620fd11480fa6534faeabd06589a4909b1699c851bb5fadb53

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI46002\VCRUNTIME140.dll
    Filesize

    38KB

    MD5

    8c8fbc0566fe560b9e06ddcc512ddee1

    SHA1

    00924cec35e03f0d3a0fe70861582e95d9eaafb3

    SHA256

    d510d4dd14446da84161411360a1102b1b1743673d5ed76861b3dc2c9dfce860

    SHA512

    6118e0b318bb02f2eec2e69ffc4a94cbb4db5d1d58f0dcb5fdf507907fe16ad1345f0f7b89d9612d95d0ff45044702bde44a44878b40695fdc5a619a2a0f8608

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI46002\_bz2.pyd
    Filesize

    40KB

    MD5

    6cc64b840c67c527d7775471cbefd49e

    SHA1

    95a54e4120f4341ebc1bebc42b9187d6059fbc53

    SHA256

    4ad85fbae520672786602c61d87b3e260fe505a01512dfe14e7d5b2408cbff5a

    SHA512

    218d12a26923336eeed744923a071030ed9d215bd24c3dbabff4c89184b3f53c96f09bf00500fad351cf8c82f557783fb0c7ebefb234a556e988234234cfa4b2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI46002\_bz2.pyd
    Filesize

    13KB

    MD5

    8823bbfe843a63d31ce5f7c39a9e1f08

    SHA1

    b8a43ad954415a807422881b3b9c9bc47c0984f2

    SHA256

    3c14643ec8c30b8047c51d82d30de8b6e54b81608bbce1b154e168e224586b61

    SHA512

    bf225902638cc68c96215dd9c6507b3275b71256d868cef1e190c18261080978486776071e6a4e24524069495402d5eb9ebc4d81025753ee205e873dc7d72737

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI46002\_ctypes.pyd
    Filesize

    52KB

    MD5

    a02f567cb035eb696ec2dbd542709227

    SHA1

    59e95f9c391936798fdfac0b2b0c791052470b7a

    SHA256

    712fe3a0b0b2bcc5e6508e4337d36374d1d3268967dd73f3f6580cd30800ca27

    SHA512

    c11462aedf0726f7592e94f61da8cb210435c93892f4f0cca32b3ffadcb447d238d875fae2bcc9c1b4e627098636398f92f13901cd9af9769a20b40c246a42d2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI46002\_ctypes.pyd
    Filesize

    57KB

    MD5

    4dbadf16feaed50b0004df1ad9460b57

    SHA1

    6ba7ee57942f292cbc9a8406907b2288f209b2b4

    SHA256

    f1e9469ae6b1f1f7a16299bf3b73a5d42eca147dfd17c7a5190739b86fcf4f4c

    SHA512

    9a6d27e2db19dfbb40032f268f66e9ae436483481af8e71579a0781c0ebf2b3e5de1ebd9e0278c7913e359f1a3cad771dbb76153c3ffde6b8463e8180bee2411

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI46002\_decimal.pyd
    Filesize

    41KB

    MD5

    2b61da07484c148093a96b621ebf14d1

    SHA1

    6773117d3f3aabe24c32c3399c4283c285185708

    SHA256

    d74086ed3e8f5b3db05479a9eb0d2fd2db47f70f694e62d86c2ac9f9fbd7e952

    SHA512

    e58c0add328485e76b429a220d5c3faa3805a3fd3edd32b06dbcc9b3e19b05091e710ad4ee1dbdca257a55f361d5967a382ea89f50ffc3ad6225bae53c9d016a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI46002\_hashlib.pyd
    Filesize

    17KB

    MD5

    463ae324959cfa24a13c5765c841699f

    SHA1

    a2af52d004c37f16103dc903043e5825869cddd8

    SHA256

    022f43f61061c595663103123e06f102da26efc98f34e3f93bbb7964cde49c01

    SHA512

    70b42a9f1319b71fedaaa1c65a1a1316077a067d6744422ba7b53ecf4351875dde77be789dfb7543738428fb3dff14a21b99f894a114608aba566f3845c292c1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI46002\_lzma.pyd
    Filesize

    45KB

    MD5

    6c287ee0bce94bf7fc7b66e989771ecc

    SHA1

    7b5a3d812bde410013174164622b86e17ed97880

    SHA256

    14f13464dd4c8b1cbc7acd103ca270ce23504f420c3f3b54ccf607d94be51fc5

    SHA512

    0729cedaa67b27aafeb91728cf6b9b52a45992ab508a0d8d4e60bfe703ff1b60e4586e9794d0ca65ebf8c2c43a5f305f69bee052a1e4421fa479fa20d006d366

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI46002\_lzma.pyd
    Filesize

    78KB

    MD5

    012ac5a1fbfdc02bc6e1b8c8909df956

    SHA1

    9c3e0e88a25d5259d2f7c0e11730a2809426d4db

    SHA256

    d0d4edb4f7517aa1eff776f8ab8089ff967b2719e6cfd068cbe9b12fecf17f4c

    SHA512

    6069e8e134d40dc84b9efbbd1413c9360fcd4ab476aed5d9797d54327aae0fa7c0386e358aa793d6b5299195433211d99725d6af52afaf09492066590322bf01

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI46002\_socket.pyd
    Filesize

    22KB

    MD5

    a5b2756ba25849d52267eaf51d9ea54d

    SHA1

    a347a57fbd01648511d43beee45ae7000cf5d140

    SHA256

    ad2f6978f378423a8daa124502f1a26e1a16d31208d3861887f8133712fc9cb9

    SHA512

    9cf2a7bf6b7f79e4c2ba2a9125e53beb3552f6f9981256e0dcf624c2e2f8be0c252806d1a8f075b5cfe102939f50ca0de86b3dda9b483ed2e4fd6de9887c77b4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI46002\_tkinter.pyd
    Filesize

    33KB

    MD5

    3b9bbecc3cc9b581484efcf8b0a7172b

    SHA1

    af81eb9a709af31085e85ce8d3df033dc9eaf961

    SHA256

    94ee999ad21bf91552f5d4e92f8afaa7a5a419f6d12ce117932087ea7be8b4ad

    SHA512

    e87c8e851ddea58153352f376eeb71a12075d038adb6d00406fa4976e699bd824472aee4900541a539f6620f5ea38e54abfb4d83e5f3ff1e8bdb45f753142410

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI46002\_tkinter.pyd
    Filesize

    1KB

    MD5

    fbfc6607f479d79f4f32ec0ed7e46001

    SHA1

    9191e6657c7fcf06ecb9a611d372f51062c4a85a

    SHA256

    424cbedd5b84ff3f369494b4a3052a647a9f6fe318be6a6a8a2d03ed789f637a

    SHA512

    9893858335f8df8ea06e7a488db3505353ff392ae3cf1675b2629d842939902bac52b09544985bbb09a3107616a34b6ea8f0fed44a2dc75aa5b3718808a0622f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI46002\base_library.zip
    Filesize

    9KB

    MD5

    5439d6540a11149fa304248b29eece29

    SHA1

    388a5322086dfa2559cf7fe65fae9c4af28a9566

    SHA256

    d1a80a7cbc4ddf7c8d9f55671dbd39cc2f29ff6505cb57883afd8aa6c15ab861

    SHA512

    4d19b1e0e28e8ab9cc306513146157fad0235508c97ce70d879e97c68d904fdba7c56eb79e7906b5134b598fe2af074fbcb43df800d6feb09f85cd99825e6a7a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI46002\libcrypto-3.dll
    Filesize

    20KB

    MD5

    951253afb4d3a166724d59de4e1c9473

    SHA1

    efff9a79638113fc198ea93e401f40b4d1c94a95

    SHA256

    dfb7c47a6825f1e1da4e49ef78eaa494974a2d0eb251e749b4995482273199b6

    SHA512

    8d3290d41015ce00f0617c767b66ec8eab200167e9a3eb90c95fa8c058e13bbaac1f3858491b777177933762e9134ea86dde55496ff1f70d5ba96dfeb51526ca

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI46002\libffi-8.dll
    Filesize

    38KB

    MD5

    0f8e4992ca92baaf54cc0b43aaccce21

    SHA1

    c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

    SHA256

    eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

    SHA512

    6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI46002\libffi-8.dll
    Filesize

    33KB

    MD5

    494535cd36467edd91163db4ebc315bb

    SHA1

    28d61b87b1578af45f09774c262e52854b253321

    SHA256

    219a4235f74bd4fa3c10d36b3b85738ce777f404a5a4ba807ee7c7e59fb3c7bc

    SHA512

    327f3d0963007d46fa7dcf2827eb0ded5df3b0a995c5bd5b1f7ed5746604b79fa089dbe3372e890f67e8ffbd599452e510f3f89fa7d6008c9d66fb3459e5704d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI46002\python312.dll
    Filesize

    54KB

    MD5

    27211f7b397bc37e101a80be4c2fef13

    SHA1

    b6d1388cb729bebab2f76ff6e5cf506f94c3ad4e

    SHA256

    38e7bdc02f958eb017323f8f6de03a904ad79fa5b6ff4dd6f09df4e73bdcb132

    SHA512

    f5b44749fbc21755917d8ede0a7761bb1c4ac5e0437d65d61ae308350ec841ea1507c132b46b5a5435c07d9007d278e2da3e56114057f1c6f65f0103df24ca7f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI46002\python312.dll
    Filesize

    27KB

    MD5

    526f4b1520a3a8699b40f30efc606424

    SHA1

    2faf2db0d2a6c7288cda53c5a60a794ffc222756

    SHA256

    01b5cb2ba2b252dd286519163c1115516a5db84df7e6b84187dbb0e20319e3c0

    SHA512

    8b29ff333c15d8095a25edad380bb20353eff96baf39683208dd77801916a8c1a1914c3159e218758b210949d8580b3cb879feaaabe5c97012e47893dc75cf8a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI46002\select.pyd
    Filesize

    26KB

    MD5

    7e75d1286923e2446a95ce411b8f882f

    SHA1

    29b1650aa0cf05eebab16fc33652509f8e235fda

    SHA256

    7e97c0aefd1b57384ff06d0801875471ca5bfbfccec12ef31aea03e71a9b0309

    SHA512

    4dfbbf4f8e4eec6a05018add40f142df4b8896e93d66e9da0f243735e73a59f32d589f9381cb1d427a22567fe79a6248b0e6f86d842802c81e46af8124ec4241

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI46002\tcl86t.dll
    Filesize

    29KB

    MD5

    f29a3c1886e7bdb2f4cf9b59eb9eaf8a

    SHA1

    cd225ed5d697c161ec65e711354c05f54085c3e8

    SHA256

    9993f04c48a4d73910e6b1172ad7c1a5818aa9184f4adc6ca6ef8d948d1132ba

    SHA512

    e82e9b9ab8e8a265995d57f3996b54b6c34ead03b3301d03e455619818a43268670b68ccebfab71782a1aae7c02c53f09d81b6eb2f10bbe2e22e5ffc3f05ac80

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI46002\tcl86t.dll
    Filesize

    52KB

    MD5

    b828747a8c0b215d3d89bf7793b8e777

    SHA1

    c6fd1aaf87032b50666bcd87b375d7657a33f480

    SHA256

    21297d645ebdb65b8c2a6a4494b499fe16a37a3dddf39745f0ecca80ff535e9a

    SHA512

    e995928fed57bf044e6b9ae49ef7034a1c023506f1df91fdcc5289c01cb20eb91f753f77598543e829093db0598a447cdfab3741f8af9df73710ecf16a50e1ec

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI46002\tcl\encoding\cp1252.enc
    Filesize

    1KB

    MD5

    e9117326c06fee02c478027cb625c7d8

    SHA1

    2ed4092d573289925a5b71625cf43cc82b901daf

    SHA256

    741859cf238c3a63bbb20ec6ed51e46451372bb221cfff438297d261d0561c2e

    SHA512

    d0a39bc41adc32f2f20b1a0ebad33bf48dfa6ed5cc1d8f92700cdd431db6c794c09d9f08bb5709b394acf54116c3a1e060e2abcc6b503e1501f8364d3eebcd52

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI46002\tk86t.dll
    Filesize

    17KB

    MD5

    ca630b83d07b335f331e52e3942901bc

    SHA1

    ac8b3ecc62088e2723984f4093fe6aee3a69b5cc

    SHA256

    403f62faf17a7b116bad8cb6be20fb1c5b5a8dc75d61ec77fda89485181b77d9

    SHA512

    6aaf8ea49530e0edd913894c13fd062f1d71b176bdeead0fafa681e331b5a5ca9634ac5555a71ae3b97a538e5b0d0b0d6cc670b0660dfadfb9e46b4523800275

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI46002\tk86t.dll
    Filesize

    34KB

    MD5

    c6025d8fff4ffe54fcb39cd4565e90c3

    SHA1

    c15980dfe598ea5b7623a1c93e36ab99161e3205

    SHA256

    83c3486dde60d1246cdaff12aeeb629419dd471e15c7b9abc43c27b07d259217

    SHA512

    7049b00babd52b0c102fb81ba25fa24a89740d41d80a21bd367b6b99d4909f28abdf7864671004f50e89bd4728d2494521d697361db29b6c8d76ffe8aa6d15ed

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI46002\unicodedata.pyd
    Filesize

    51KB

    MD5

    fbe5c2400365c1e2e54faa7b4e6e0a61

    SHA1

    f0e8df0dd7ee1147b0f91c80ba4029dcd965f534

    SHA256

    ea87e05d8216cb292970890321c0de7513337376413fd44a10776a084c24885e

    SHA512

    94e7c5dcb09ef076dcc8e651a479efb254525c7901403e47e2f9e994004b67b33800ea0fe05ac501f7b00fc194f341c2f22199b8a2321ca2ed6265c82acc1019

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI46002\zlib1.dll
    Filesize

    31KB

    MD5

    8ba888f4f166d81315ff42401ff86828

    SHA1

    52860407449decf755f54b0cf9e851004938c96d

    SHA256

    1a56fe2079eb00c33af084f715e6166006d6e6c6f718efe77b99103c37d29f49

    SHA512

    37016408f910d27799dd96bc2e83e82eb7a440a481922f23d1a2ec853844ac32e2d1ccebbb54d94b5f6663077c4e662a63cdf6334a47e9e9b05e0a9d3c1ac9e9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI46002\zlib1.dll
    Filesize

    46KB

    MD5

    e3858b0f11258ba3f307b4b44fa1bb8d

    SHA1

    b0ae2af1d683226cf72510000addbcd7ab88a2c0

    SHA256

    f58881e58161c7432131e2836df0cd806d66200386558f48dc5f23436f95aadc

    SHA512

    17495fdd41b4dc4f0391a7c99e1c6229a8991af0e62ed80726c5d82b476e5a0db3f6cf439c971ee56fdfd0e005f274f59b47c90652832cf70a4b085bfac3910b

    Download Submit

  • memory/60-968-0x00007FFA9B3B0000-0x00007FFA9B3DA000-memory.dmp

    Filesize

    168KB

    Download