Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

44a297cf8e...29.exe

windows7-x64

7

44a297cf8e...29.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 23:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    44a297cf8e98419e8987141cf66fe129.exe

  • Size

    209KB

  • MD5

    44a297cf8e98419e8987141cf66fe129

  • SHA1

    4b504f0e5c28f0ff99137f1db06512fbbb2f4fa4

  • SHA256

    3cb1b41ea234f3ee80f87f6a4e3ecab42cf7a076c4fe68861ab3d0596dbda404

  • SHA512

    60d9a0896eab319cf8db5cd14bd93f8a4c89bebd9d2402733c27503a70f65d800b93b566c149d4838a08e74f3125fe2030b29fa3cc3a631f238ac472a73040b6

  • SSDEEP

    6144:Kl8sGcdu3dgI7+26cePVetEtld4TbmlQCEPOoFYY7MF:OTdu3Kb2v5atlCbyYGy7M

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 8 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\44a297cf8e98419e8987141cf66fe129.exe
    "C:\Users\Admin\AppData\Local\Temp\44a297cf8e98419e8987141cf66fe129.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1816
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\41E0.tmp\vir.bat""
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:1168
      • C:\Windows\SysWOW64\calc.exe
        CALC.EXE
        3⤵
          PID:1740
        • C:\Users\Admin\AppData\Local\Temp\u.dll
          u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:2400
        • C:\Users\Admin\AppData\Local\Temp\u.dll
          u.dll -bat vir.bat -save 44a297cf8e98419e8987141cf66fe129.exe.com -include s.dll -overwrite -nodelete
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:2832
    • C:\Users\Admin\AppData\Local\Temp\44EC.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\44EC.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe44ED.tmp"
      1⤵
      • Executes dropped EXE
      PID:1780
    • C:\Users\Admin\AppData\Local\Temp\4318.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\4318.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe4319.tmp"
      1⤵
      • Executes dropped EXE
      PID:2648

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1780-140-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/1780-145-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/1816-0-0x0000000000400000-0x00000000004BF000-memory.dmp

      Filesize

      764KB

      Download

    • memory/1816-154-0x0000000000400000-0x00000000004BF000-memory.dmp

      Filesize

      764KB

      Download

    • memory/2400-139-0x00000000004C0000-0x00000000004F4000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2648-70-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2648-76-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2832-69-0x00000000002D0000-0x0000000000304000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2832-67-0x00000000002D0000-0x0000000000304000-memory.dmp

      Filesize

      208KB

      Download