Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

0429a6aa78...a8.exe

windows7-x64

7

0429a6aa78...a8.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 03:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0429a6aa782622e2313ebdb53de755a8.exe

  • Size

    82KB

  • MD5

    0429a6aa782622e2313ebdb53de755a8

  • SHA1

    4827e77270412b71ba7b4093278a806a2dbcce36

  • SHA256

    21bf19f8fa75a8e180c336fda6f320309aa39547763b403346a94c51e5865953

  • SHA512

    eb5add72f60d92029e8cdcf05d646175befa006446a41fea92a6401a9b27cb89acd7f5b736e4b96b8de51cdf6731d383e80441e167c27f02a84ead949a155284

  • SSDEEP

    1536:OqLvKnkMqEcUoOhYTPYs88IdZMk3e03CUT3/ubhaIp3ZzD2/mYK1z7d5Hgy/t8Jo:OQS9nQzMZYU6b53ZzD2/mYK1z76e

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0429a6aa782622e2313ebdb53de755a8.exe
    "C:\Users\Admin\AppData\Local\Temp\0429a6aa782622e2313ebdb53de755a8.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Users\Admin\AppData\Local\Temp\0429a6aa782622e2313ebdb53de755a8.exe
      C:\Users\Admin\AppData\Local\Temp\0429a6aa782622e2313ebdb53de755a8.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\0429a6aa782622e2313ebdb53de755a8.exe
    Filesize

    82KB

    MD5

    70dfbe618ccc0767163ff838a854f5ab

    SHA1

    5b48e32f6b55f2c78300c92e4a1693e1f45e510d

    SHA256

    9157a9959564375fbf421618f8354dddf165686f691d700199ffe839e71a1825

    SHA512

    ca798962e2f0334ac276f863ac01fed7c707d6a269281c566544339e15921e467b115f7c36e79047204ec07e6101a8f82de265c59a19b3587b0c2bfbf90ee906

    Download Submit

  • memory/2208-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2208-1-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2208-7-0x0000000000140000-0x000000000016F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2208-12-0x0000000000210000-0x000000000023F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2208-15-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2988-22-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2988-27-0x0000000000140000-0x000000000016F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2988-28-0x00000000003B0000-0x00000000003CB000-memory.dmp

    Filesize

    108KB

    Download