Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

50e5afcce7...1d.exe

windows7-x64

7

50e5afcce7...1d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    165s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 03:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    50e5afcce73cf163ea3e5cda30f9351d.exe

  • Size

    632KB

  • MD5

    50e5afcce73cf163ea3e5cda30f9351d

  • SHA1

    7ce8cc5ec6327d041d0dd71ba6c861b91662add1

  • SHA256

    70e19bda20de5019ebfa6c5c1e1a13e4e01f8cc6af21bee841e8fffe97ef1f7f

  • SHA512

    e1899fc730e555122b8e9646780bb67caabb6aec5993adc3e84a21b0585dedf6b2f3bcbfa2f6476a496466571389fb9bc0af2e1bfa027919d25625b20345890b

  • SSDEEP

    12288:mGwF8DRXgVPqaoXNoEixlbjDm+3z2AJLDl16ncmglhRvpwkFDv6Rfa/Bqyw2VB:7zXKqa8SEijjC+37li6hPr6Rigy9B

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\50e5afcce73cf163ea3e5cda30f9351d.exe
    "C:\Users\Admin\AppData\Local\Temp\50e5afcce73cf163ea3e5cda30f9351d.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1864
    • C:\Program Files (x86)\vbqxpva\klooss.exe
      "C:\Program Files (x86)\vbqxpva\klooss.exe"
      2⤵
      • Executes dropped EXE
      PID:764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Program Files (x86)\vbqxpva\klooss.exe
    Filesize

    647KB

    MD5

    ce5076356f5e791c6d611cbcc748446f

    SHA1

    4d53927073c6059cd7dcc51708a2557b9d15f0cd

    SHA256

    9339a9096bc56176ccbf67018043fa54423ccc3a5bc397d0b55ae7ac75d45ce9

    SHA512

    0c33cd300df284862e06e7de3d3073dc9c5ab038de35d24f23749cb4f507663ee7ff4fe6678436df9900442882fa1586426403aabf17feb4bc5ff467e9bf1ad2

    Download Submit

  • memory/764-10-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/764-11-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/1864-0-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/1864-1-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/1864-7-0x00000000004A0000-0x0000000000534000-memory.dmp

    Filesize

    592KB

    Download

  • memory/1864-6-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download