Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

0429a6aa78...a8.exe

windows7-x64

7

0429a6aa78...a8.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 03:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0429a6aa782622e2313ebdb53de755a8.exe

  • Size

    82KB

  • MD5

    0429a6aa782622e2313ebdb53de755a8

  • SHA1

    4827e77270412b71ba7b4093278a806a2dbcce36

  • SHA256

    21bf19f8fa75a8e180c336fda6f320309aa39547763b403346a94c51e5865953

  • SHA512

    eb5add72f60d92029e8cdcf05d646175befa006446a41fea92a6401a9b27cb89acd7f5b736e4b96b8de51cdf6731d383e80441e167c27f02a84ead949a155284

  • SSDEEP

    1536:OqLvKnkMqEcUoOhYTPYs88IdZMk3e03CUT3/ubhaIp3ZzD2/mYK1z7d5Hgy/t8Jo:OQS9nQzMZYU6b53ZzD2/mYK1z76e

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0429a6aa782622e2313ebdb53de755a8.exe
    "C:\Users\Admin\AppData\Local\Temp\0429a6aa782622e2313ebdb53de755a8.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Users\Admin\AppData\Local\Temp\0429a6aa782622e2313ebdb53de755a8.exe
      C:\Users\Admin\AppData\Local\Temp\0429a6aa782622e2313ebdb53de755a8.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\0429a6aa782622e2313ebdb53de755a8.exe
    Filesize

    82KB

    MD5

    b0731604f97a7e8394c3272c6b2a9047

    SHA1

    12104bf69f4f8bb0692bcc03be5e05c9ac3d7381

    SHA256

    2852e131a603be5d040b737addd39c02f4e7dc58e3de02c302777180c8303733

    SHA512

    c5ddd05b1c8ace85557a500cfb390dbefa7934457116362b11e5a036e043f0bc6aecca8b401484afba89108d770ddbac11a07164e54d2c49c2d5712e0635d2c0

    Download Submit

  • memory/2252-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2252-1-0x00000000000F0000-0x000000000011F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2252-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2252-12-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4440-13-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4440-18-0x00000000001B0000-0x00000000001DF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4440-20-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4440-25-0x00000000014F0000-0x000000000150B000-memory.dmp

    Filesize

    108KB

    Download