Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

05fa55c39b...e4.exe

windows7-x64

7

05fa55c39b...e4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 04:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    05fa55c39bb0e5219ce1e880713ce1e4.exe

  • Size

    101KB

  • MD5

    05fa55c39bb0e5219ce1e880713ce1e4

  • SHA1

    0011ce69b2431a04f07e265b3a9232c84fc71da4

  • SHA256

    06a06f13882eae939c2c4e0e1ced26083aefe74066eaebf2ccc99dae203e1f0d

  • SHA512

    414fcef345c86066a9f65fda462627d9df56df15b93be25f0db1d8f4b2a56a0126afc2d6952dcb895cb6d11a5b0275201e20bd18a1001c539d508082d045374a

  • SSDEEP

    1536:5Dw1rLyhbY6IvsWaLVIFAFUkDk49PS5+i/hMLYezVjftKIPteJnouy8aqtiB:5DpIUF59S4se06VYIPsZoutaqti

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\05fa55c39bb0e5219ce1e880713ce1e4.exe
    "C:\Users\Admin\AppData\Local\Temp\05fa55c39bb0e5219ce1e880713ce1e4.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3936
    • C:\Windows\SysWOW64\cscript.exe
      cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
      2⤵
        PID:1020

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Downloader.log
      Filesize

      5KB

      MD5

      9650a45751a6191246d91cfb2e8db9e3

      SHA1

      d1da498d440cb2f10c2bfd5b2b00b7fd959adb49

      SHA256

      668a3d9e5ea03ec8f5f8a7eaf3aa52e5896940df80f790e3e737fe5db360b6aa

      SHA512

      9194bd91f89cab5cdf8928ff4f71165a762fc7dc2f6037ac30dd74f268033c19d72415b0a71511bcc1fba93a2549ce927383856e755f20fb426e95fbae1f8dbd

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Downloader.log
      Filesize

      1KB

      MD5

      311948003a1e3e81ac4416d51c6d3471

      SHA1

      3c0df48e0c62c4ef1b2832dfaa4aaf73e21c43c7

      SHA256

      a48aa9a39fee52e9d6b9ecbd23b1b304020cf9d02d6bdec411a6d8fc2ae0f180

      SHA512

      71f8022b643f00ff0f80de5f03e378d626c04213fe9b320960a100e770ed94f4c8d2d8077b9961540de317a38752de3b6a0ccd39a8384862b4c8d13dc8beb25a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\hd.vbs
      Filesize

      245B

      MD5

      d8682d715a652f994dca50509fd09669

      SHA1

      bb03cf242964028b5d9183812ed8b04de9d55c6e

      SHA256

      4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba

      SHA512

      eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

      Download Submit

    • memory/3936-0-0x0000000000020000-0x000000000005F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/3936-36-0x0000000000020000-0x000000000005F000-memory.dmp

      Filesize

      252KB

      Download