Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

05fa55c39b...e4.exe

windows7-x64

7

05fa55c39b...e4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 04:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    05fa55c39bb0e5219ce1e880713ce1e4.exe

  • Size

    101KB

  • MD5

    05fa55c39bb0e5219ce1e880713ce1e4

  • SHA1

    0011ce69b2431a04f07e265b3a9232c84fc71da4

  • SHA256

    06a06f13882eae939c2c4e0e1ced26083aefe74066eaebf2ccc99dae203e1f0d

  • SHA512

    414fcef345c86066a9f65fda462627d9df56df15b93be25f0db1d8f4b2a56a0126afc2d6952dcb895cb6d11a5b0275201e20bd18a1001c539d508082d045374a

  • SSDEEP

    1536:5Dw1rLyhbY6IvsWaLVIFAFUkDk49PS5+i/hMLYezVjftKIPteJnouy8aqtiB:5DpIUF59S4se06VYIPsZoutaqti

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\05fa55c39bb0e5219ce1e880713ce1e4.exe
    "C:\Users\Admin\AppData\Local\Temp\05fa55c39bb0e5219ce1e880713ce1e4.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:760
    • C:\Windows\SysWOW64\cscript.exe
      cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
      2⤵
        PID:2856

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Downloader.log
      Filesize

      5KB

      MD5

      ba789ce4f22764a18f1a9fcae5cdc7dc

      SHA1

      caa60bfe78c88ce3cc5ab751dd4ade9b6bbea74d

      SHA256

      9e37eddac23873371dce626f5cc6fa09c11bd4b9349539f242bc874060b1a7a5

      SHA512

      310d3ebc509576cc4219a2afe7668e7400eaad3594ba75c2f108563c9ab42fe0cd17da2774af0c622070e54db2f8209ccf39083ade291e1d75c30b2693dff7f0

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\hd.vbs
      Filesize

      245B

      MD5

      d8682d715a652f994dca50509fd09669

      SHA1

      bb03cf242964028b5d9183812ed8b04de9d55c6e

      SHA256

      4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba

      SHA512

      eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

      Download Submit

    • memory/760-0-0x0000000000230000-0x000000000026F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/760-36-0x0000000000230000-0x000000000026F000-memory.dmp

      Filesize

      252KB

      Download