Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

1e1bb50d1b...fd.exe

windows7-x64

7

1e1bb50d1b...fd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 12:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1e1bb50d1b247baf60f2243e42760efd.exe

  • Size

    1010KB

  • MD5

    1e1bb50d1b247baf60f2243e42760efd

  • SHA1

    dce135f07d0e3263f586778b0ed2608863ba423a

  • SHA256

    533d962d2084f6306f40dca33c5a5a0a8408e61adc24b95fb13fccc161d178d7

  • SHA512

    5d70940a91bcbaceb1f97f37a2ede74afed15b78728ed7d02ebb4e2f6c18b536d2d8e3fee21ceee61332dac3dac7f95cb890419958213e293bd11c9762c931f0

  • SSDEEP

    12288:Vnjp8km4egkhfFYTfm6hiYc5plDFwrilMiYTfm:jvmfBmfduvlB7lbmf

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1e1bb50d1b247baf60f2243e42760efd.exe
    "C:\Users\Admin\AppData\Local\Temp\1e1bb50d1b247baf60f2243e42760efd.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2552
    • C:\Users\Admin\AppData\Local\Temp\1e1bb50d1b247baf60f2243e42760efd.exe
      C:\Users\Admin\AppData\Local\Temp\1e1bb50d1b247baf60f2243e42760efd.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1e1bb50d1b247baf60f2243e42760efd.exe
    Filesize

    385KB

    MD5

    8de26e34072a2b0fc1685978738630b5

    SHA1

    6ad4957d6b1104ef5ea64dfd7d9859da9ce89e89

    SHA256

    722460aa503fed8ec57ac856ea7ed67c3168051eb394579377d3bb43749b7767

    SHA512

    f0f9755d6d1dc9adedbe27ece895138ce3534f1df894802de6ee0508c0fcaea1cd7737feb9728b076f08ba8b66569ae9f3fd0cd7d75ccbc3f7daa9f3cba378bd

    Download Submit

  • \Users\Admin\AppData\Local\Temp\1e1bb50d1b247baf60f2243e42760efd.exe
    Filesize

    1010KB

    MD5

    7991c5b51ecae14290956fcd35037c10

    SHA1

    52c93a85077bec4744b6d38397fa1dc7187340d4

    SHA256

    c6c4370f49754bd738f0cbc22e2de316447ce0edd01d1035906e6da091356200

    SHA512

    ea60dce92c832745ca526e595588d3dc08c0f239ed35204880fb21d91e620ca73d73dc8c8048ef766db54d8cc18c66176e770201bacab84e986924ea0624f46e

    Download Submit

  • memory/2332-17-0x0000000000400000-0x0000000000450000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2332-23-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2332-24-0x00000000002A0000-0x00000000002F0000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2332-22-0x0000000000170000-0x00000000001A3000-memory.dmp

    Filesize

    204KB

    Download

  • memory/2332-30-0x0000000000400000-0x00000000004F1000-memory.dmp

    Filesize

    964KB

    Download

  • memory/2552-0-0x0000000000400000-0x00000000004F1000-memory.dmp

    Filesize

    964KB

    Download

  • memory/2552-1-0x0000000000400000-0x0000000000450000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2552-2-0x0000000000170000-0x00000000001A3000-memory.dmp

    Filesize

    204KB

    Download

  • memory/2552-12-0x0000000002DD0000-0x0000000002EC1000-memory.dmp

    Filesize

    964KB

    Download

  • memory/2552-15-0x0000000000400000-0x0000000000450000-memory.dmp

    Filesize

    320KB

    Download