Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

50e5afcce7...1d.exe

windows7-x64

7

50e5afcce7...1d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    43s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/12/2023, 03:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    50e5afcce73cf163ea3e5cda30f9351d.exe

  • Size

    632KB

  • MD5

    50e5afcce73cf163ea3e5cda30f9351d

  • SHA1

    7ce8cc5ec6327d041d0dd71ba6c861b91662add1

  • SHA256

    70e19bda20de5019ebfa6c5c1e1a13e4e01f8cc6af21bee841e8fffe97ef1f7f

  • SHA512

    e1899fc730e555122b8e9646780bb67caabb6aec5993adc3e84a21b0585dedf6b2f3bcbfa2f6476a496466571389fb9bc0af2e1bfa027919d25625b20345890b

  • SSDEEP

    12288:mGwF8DRXgVPqaoXNoEixlbjDm+3z2AJLDl16ncmglhRvpwkFDv6Rfa/Bqyw2VB:7zXKqa8SEijjC+37li6hPr6Rigy9B

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\50e5afcce73cf163ea3e5cda30f9351d.exe
    "C:\Users\Admin\AppData\Local\Temp\50e5afcce73cf163ea3e5cda30f9351d.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:4460
    • C:\Program Files (x86)\meqb\rkducp.exe
      "C:\Program Files (x86)\meqb\rkducp.exe"
      2⤵
      • Executes dropped EXE
      PID:2860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\meqb\rkducp.exe
    Filesize

    18KB

    MD5

    6fc3a79737a6ba728d30c54988ecf626

    SHA1

    0e2d25b2970635bbe3a669892c0021706163b235

    SHA256

    a6c32e58016148fb376164c57df589767d74e756765272a2e45ba899ab7e41c7

    SHA512

    2905f93a70136598d69cdbf6a068fe85e92a060df627d8e0a9813d151731e4dfc5925c04d21f316d3724a10cf6a45aebeb1196ad1feb0497183dde31b743437e

    Download Submit

  • C:\Program Files (x86)\meqb\rkducp.exe
    Filesize

    33KB

    MD5

    c442fbe89c97001657d13d8ecf9026e9

    SHA1

    382880b7b4554fbf1c56897675d6f4cf1ece6f6a

    SHA256

    d27195e26717a1bb056e82126e0c35e8027afc1f2360465f1432d7cb654b0d3e

    SHA512

    dae7025d2e34847137237e26bc0753270b1eba019c3e448f0340e9e22424febfa877fe5add5431366b76f544aac37e9197d62ca178c39bbe3775b2d162171a78

    Download Submit

  • memory/2860-9-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2860-8-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/4460-0-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/4460-6-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/4460-1-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download