Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

178b44a1c6...4e.exe

windows7-x64

7

178b44a1c6...4e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 10:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    178b44a1c68202bb71c1431d7355b64e.exe

  • Size

    1.5MB

  • MD5

    178b44a1c68202bb71c1431d7355b64e

  • SHA1

    40413ef1a0cf2ad19c2bb6c1c48fcd1146316530

  • SHA256

    8fd3d502525f21d48a8f99913556b0a6d31b36b7ce6e140ab112321d8445ccf1

  • SHA512

    fd79c9aed912193c7a67878848754be169f91bb42734412c59cb62e8eba5618d0bbe462589e2941715eba92adb9d26e64f0581c0d21e62d64e5cf52be0594f94

  • SSDEEP

    24576:e9dG37Vk0R07Qanm9nR53D1ckM2NMbrgX6UZzbY1Y4kbp7S48a+KnMCjrZ9wFeRJ:lrq0R07QQm5D2dgK0XY1X4pWKnzhCFa

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\178b44a1c68202bb71c1431d7355b64e.exe
    "C:\Users\Admin\AppData\Local\Temp\178b44a1c68202bb71c1431d7355b64e.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2916
    • C:\Users\Admin\AppData\Local\Temp\1A44.tmp
      "C:\Users\Admin\AppData\Local\Temp\1A44.tmp" --pingC:\Users\Admin\AppData\Local\Temp\178b44a1c68202bb71c1431d7355b64e.exe A12FA3E17F47CB4E27F42EFF4063D377A101D75B7303B1D4FBBF1BD173CF0BD7720B680398DA24D13A3E6302B29F63DF01C9865AA5D7F2EEC124195D2F7992AF
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\1A44.tmp
    Filesize

    92KB

    MD5

    35775d945121dfb65fe49ab9f8ef4188

    SHA1

    492b1afeb8b2de1386e49410ed4aad77632aa856

    SHA256

    838f89018921f4721bedcf0c61c7388ac3bfe2167a4637eefc14a9e255fad7cb

    SHA512

    cb7f5cccbdecb4bd6ff8815c46183dabf2c412ac3ba9da4617b27531cb5298b305ba7d8a0caf3137ef8ceefab179ee69f7ed3d0d5c7833105ed8a668d8b8dd67

    Download Submit

  • memory/2172-8-0x0000000000210000-0x00000000003DE000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2916-0-0x00000000001D0000-0x000000000024A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/2916-1-0x0000000000BC0000-0x0000000000D8E000-memory.dmp

    Filesize

    1.8MB

    Download