Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

025c6f6140...8a.exe

windows7-x64

7

025c6f6140...8a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 03:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    025c6f6140a14719495925f4f055eb8a.exe

  • Size

    7.1MB

  • MD5

    025c6f6140a14719495925f4f055eb8a

  • SHA1

    33f10cf60333c41cc1b787f9e94fc4130ff82c30

  • SHA256

    9d138e731518e46106c6bba7dc7314f0ea42bf86990dd128a4d4c386a2227919

  • SHA512

    2f8a650f43bf790bf084bf7f0c4448e094e34701e97d1f4473c348ab2fe441f7c0b87c107e688d48854b61cd7bac98efba6650af8c9cbda01c92306b50f4c833

  • SSDEEP

    196608:t0tPmCsXDjDyf6L2WliXYrHW1kIGs5Uev4T:KPmCEDVL2ciIrHWV5UW

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\025c6f6140a14719495925f4f055eb8a.exe
    "C:\Users\Admin\AppData\Local\Temp\025c6f6140a14719495925f4f055eb8a.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3632
    • C:\Users\Admin\AppData\Local\Temp\025c6f6140a14719495925f4f055eb8a.exe
      "C:\Users\Admin\AppData\Local\Temp\025c6f6140a14719495925f4f055eb8a.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:1664
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c color 0c
        3⤵
          PID:4252

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\_MEI36322\VCRUNTIME140.dll
      Filesize

      94KB

      MD5

      18049f6811fc0f94547189a9e104f5d2

      SHA1

      dc127fa1ff0aab71abd76b89fc4b849ad3cf43a6

      SHA256

      c865c3366a98431ec3a5959cb5ac3966081a43b82dfcd8bfefafe0146b1508db

      SHA512

      38fa01debdb8c5369b3be45b1384434acb09a6afe75a50a31b3f0babb7bc0550261a5376dd7e5beac74234ec1722967a33fc55335b1809c0b64db42f7e56cdf7

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI36322\_ctypes.pyd
      Filesize

      124KB

      MD5

      7322f8245b5c8551d67c337c0dc247c9

      SHA1

      5f4cb918133daa86631211ae7fa65f26c23fcc98

      SHA256

      4fcf4c9c98b75a07a7779c52e1f7dff715ae8a2f8a34574e9dac66243fb86763

      SHA512

      52748b59ce5d488d2a4438548963eb0f2808447c563916e2917d08e5f4aab275e4769c02b63012b3d2606fdb5a8baa9eb5942ba5c5e11b7678f5f4187b82b0c2

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI36322\base_library.zip
      Filesize

      111KB

      MD5

      0f2530e4a6ca26c3c06279e06903def7

      SHA1

      4b20e3d8ed88b6c1d0da59e02f7ed09aa7da9455

      SHA256

      5f2e290b8baccc2887c538406da4859aed5c63a348c567f6ea1c449d90b517b3

      SHA512

      85d222122cf3deb6dcac026b3e8ab39fc68c28cbb4761a6f456026b1301edb5c73cd9d39fc55a30bc270dc7a452a56d1b0e0b13a36a07aa805b1206afa87dd9b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI36322\libffi-7.dll
      Filesize

      32KB

      MD5

      eef7981412be8ea459064d3090f4b3aa

      SHA1

      c60da4830ce27afc234b3c3014c583f7f0a5a925

      SHA256

      f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

      SHA512

      dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI36322\python39.dll
      Filesize

      705KB

      MD5

      dcdc338b9ac155755cac54d0e721911f

      SHA1

      7b6df61ac21b12337ae6cd93612db8a695547230

      SHA256

      e4b384f7f55efaa27e222d72caf63faaf14be239608fdc8e690233283b078f63

      SHA512

      4c331b94363e5daa8407c29fa113e87f868021995083fea7d582fd4df39d6048c2cffb08239fee21dadee4dda32f8c021f89cc69c8dcf8b8652977333cb61984

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI36322\python39.dll
      Filesize

      126KB

      MD5

      90f1621bd07e53afa62b1e3c528cf3ed

      SHA1

      235ebe761741d8ff3dc691655240f52795796605

      SHA256

      dd5a2b1705301bb4193e03082ac42151eea4836f31adc1655c66888da0fafa02

      SHA512

      c56e44255008884acc120da1956b08c769eec6f0a15ffb174358d80fb291a9816bf5f089cc34465b37c7d65f88089109f98bdbe3183d136f03bccb6364f80ec4

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI36322\ucrtbase.dll
      Filesize

      971KB

      MD5

      bd8b198c3210b885fe516500306a4fcf

      SHA1

      28762cb66003587be1a59c2668d2300fce300c2d

      SHA256

      ce2621719f1358508c2c33bcc1380d78a737ca20cd18c0ac89f38e1be788d9a2

      SHA512

      c32b6c083d3a7da01085718e5685e9a04034be91251c065794ceef1dfaaf6573fdd845cbc84e926ab3f510d295649cb6e497564fbe52cc79c053357c645c11a5

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI36322\ucrtbase.dll
      Filesize

      577KB

      MD5

      73473ca6567cdf9a9cd995937c5eb1c2

      SHA1

      8eb595f65011ed15b793c47a220ab1c076ffb2ca

      SHA256

      f3e21e41d186e72461e245de583ba6271ee769b53617d13346f7532ff15a8015

      SHA512

      4b3f85c232cbf9a6b7bd009c550efc543211f879fe44cbadceac6cfde87b4ad5ce5bf4f4bb5803f1ce789651c8b188afbf6e6dc7159a35012d351a628e561b94

      Download Submit