Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

1f790d8a2a...7a.exe

windows7-x64

7

1f790d8a2a...7a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 12:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1f790d8a2a51e755fa6055218a14037a.exe

  • Size

    1.1MB

  • MD5

    1f790d8a2a51e755fa6055218a14037a

  • SHA1

    6abfa16fab394b8ec971c55b8f246303051bfbcf

  • SHA256

    6b1a2af19b2834df899e74bcb60684585ccb6cfd5ca9d6414e724e2636d1e427

  • SHA512

    7e9d31bd9b9dc422eaec445e5a7dafe9cdd0a75a187bed3b5723402a133b2128939acb05c70fda1f42f642ef8f8804b2f3967492b2dfbbc9b366493a80cb9d03

  • SSDEEP

    24576:5nar7mgfti3kRqJUNZ0CPLDB4C/41hVa0yd2CQR2OEJaTwKoDsg5j1mu5m:5ajFXZP5LUhVS4DwNQEdQYxU

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1f790d8a2a51e755fa6055218a14037a.exe
    "C:\Users\Admin\AppData\Local\Temp\1f790d8a2a51e755fa6055218a14037a.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:456
    • C:\Users\Admin\AppData\Local\Temp\is-PJPM0.tmp\1f790d8a2a51e755fa6055218a14037a.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-PJPM0.tmp\1f790d8a2a51e755fa6055218a14037a.tmp" /SL5="$F0060,950481,54272,C:\Users\Admin\AppData\Local\Temp\1f790d8a2a51e755fa6055218a14037a.exe"
      2⤵
      • Executes dropped EXE
      PID:5044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-PJPM0.tmp\1f790d8a2a51e755fa6055218a14037a.tmp
    Filesize

    263KB

    MD5

    6ee1ed5f47fe1549850ed91119413dc0

    SHA1

    301fcb31976a597d0e48836130a154e5fa60a434

    SHA256

    1e664fe8988255b8ccea072a30857d2065eb58d12c9fbe658147d7db52c88ec3

    SHA512

    a89043fb875f4378e046163c934ae362ba3b74ab883c6a499cbb8d94f15b6413706995cca6826b6095e20971a8457ad8938363e474855404ae1f8ca4b0982eec

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-PJPM0.tmp\1f790d8a2a51e755fa6055218a14037a.tmp
    Filesize

    256KB

    MD5

    49588285b1b0e5c8b33aa04b01ffb0c7

    SHA1

    e5ea5b25fade9e7a7f78108b1251229a75d3b78f

    SHA256

    57894702f7bcaacc70a95f974aed6f010a4ba3beef596a87127a14bd435df983

    SHA512

    d21bae0a023ab87432f6f8e508c29e867812ff8ef32e7ca2435b1a0790b3c6de775f7900dfb11c345f31aa4f60b0bc8901393705cade449c785dea44d15fbe26

    Download Submit

  • memory/456-0-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/456-2-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/456-13-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/5044-10-0x0000000002100000-0x0000000002101000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5044-14-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/5044-17-0x0000000002100000-0x0000000002101000-memory.dmp

    Filesize

    4KB

    Download