Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

06ffd44e8e...c7.exe

windows7-x64

7

06ffd44e8e...c7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 05:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    06ffd44e8ecb6bd7a8ab71495a8e7fc7.exe

  • Size

    79KB

  • MD5

    06ffd44e8ecb6bd7a8ab71495a8e7fc7

  • SHA1

    944ebc880287c99f6e2c81d2bfa3a5072785574f

  • SHA256

    c25fba629a05e978fb1a181d2b4f5d6b376ec1b1cb1ae3f803651a37244ad51b

  • SHA512

    b13d04e0c668f101ccef685a8e5f2322059771171bab328f855f6a919774370f507c95551ed2ddae63803b29ea8696ba458e707803b091e35855766a4321e1d8

  • SSDEEP

    1536:/0qbhrad9YMtuiT+p//o3LB0ix2qc/H5:/0qb4Ww2ix5c/H5

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\06ffd44e8ecb6bd7a8ab71495a8e7fc7.exe
    "C:\Users\Admin\AppData\Local\Temp\06ffd44e8ecb6bd7a8ab71495a8e7fc7.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1060
    • C:\Windows\SysWOW64\notepad.exe
      notepad C:\Users\Admin\AppData\Local\Temp\Message
      2⤵
        PID:1596

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Message
      Filesize

      4KB

      MD5

      aa258d0208eeff3ebe85a38e5798dd14

      SHA1

      2ee90565582960c9ebe9e2fa3fa7e37f7ad9ce14

      SHA256

      0a1e8a1aad0af61adc1185cf79f3e7b5138f113ce34b822f9f264d3a2ca7f076

      SHA512

      f439773edf493518e4ba58d20b4b1f1294a0003ee502f77820a99522f4726420d2affa5e4349e02fb80605ba22d81bdb903c6aebb9ddb038b7c82b9f6fe1fef8

      Download Submit

    • C:\Windows\SysWOW64\shimgapi.dll
      Filesize

      12KB

      MD5

      d39661be16417c3af2c0c6356cd213e7

      SHA1

      ee16bc21152f70410de8b075bc984da69bc4c636

      SHA256

      cffcfd95f0e7cb24b3b98237037057a90654f7a0dcacaa8cdae3e0734f31f378

      SHA512

      be1bf7dac1cdf9d06e52f8e63cc8c87a897a8df197eeceae01348f68e566dbd9b95a9b6a9dc9afbdc5385d0d45ea4c664e86399e718a6662b40f2214beb6b972

      Download Submit