Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

1a70ddda34...0b.exe

windows7-x64

7

1a70ddda34...0b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2023, 23:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1a70ddda3494f38620d8225722dcaa0b.exe

  • Size

    124KB

  • MD5

    1a70ddda3494f38620d8225722dcaa0b

  • SHA1

    4ba005c61bfbbf44bb3a6d4e074db32ce1067cbb

  • SHA256

    c25a422adb9d3a908fce0bea29bb9b1e3d79caf699a9d4b73ed3c64ce73b9c1c

  • SHA512

    89871bfb42e4fa890ebee8c42d17a1b1c3a71be8c5e38eec29f05bc34071372024e9ab72ab9e2fdf3495f51165da427d6f0c2f9d564b569405a381a34fab848d

  • SSDEEP

    3072:vifRL+q31nJ/XOXVh06/0NEUYynNELl1RAX61qrZLnznF:6fBZ1nJSZ/MY2ilfAq1IZt

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\Temp\MT\1a70ddda3494f38620d8225722dcaa0b.exe
    "C:\Windows\Temp\MT\1a70ddda3494f38620d8225722dcaa0b.exe"
    1⤵
    • Executes dropped EXE
    PID:2700
  • C:\Users\Admin\AppData\Local\Temp\1a70ddda3494f38620d8225722dcaa0b.exe
    "C:\Users\Admin\AppData\Local\Temp\1a70ddda3494f38620d8225722dcaa0b.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2040

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2040-0-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2040-15-0x0000000002750000-0x0000000002796000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2040-14-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2700-16-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2700-18-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download