Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

4df913ce49...78.exe

windows7-x64

7

4df913ce49...78.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    191s
  • max time network
    208s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/12/2023, 02:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4df913ce49b576b541c9f1491fa35578.exe

  • Size

    3.5MB

  • MD5

    4df913ce49b576b541c9f1491fa35578

  • SHA1

    7e95d5a188bdc0f0cbbb9760540e51ae14071531

  • SHA256

    23f4cf3bd27ada231b8e24cd453e2c795fa0618e858c0b696aaae5ec2fd78991

  • SHA512

    9ef62d7b4cef8243af046f1f1d0a2167ef5b67b1d0a93f121227769bbf48991983674d9d9a715c1cdccb91655debf40b8ef227212daa69d4eaaf8ae889a40431

  • SSDEEP

    49152:j+UF5eIfqkVn/Bja5TyHPuK4AK4WXpMtOEcC86TNo5RcfzxgBfokwUkR1lKU/MGO:HF8XOZjaIPT4NIOPC8gbflgwUu3ChQ4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4df913ce49b576b541c9f1491fa35578.exe
    "C:\Users\Admin\AppData\Local\Temp\4df913ce49b576b541c9f1491fa35578.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4180
    • C:\Users\Admin\AppData\Local\Temp\is-O72ID.tmp\4df913ce49b576b541c9f1491fa35578.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-O72ID.tmp\4df913ce49b576b541c9f1491fa35578.tmp" /SL5="$70066,3230774,140800,C:\Users\Admin\AppData\Local\Temp\4df913ce49b576b541c9f1491fa35578.exe"
      2⤵
      • Executes dropped EXE
      PID:220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-O72ID.tmp\4df913ce49b576b541c9f1491fa35578.tmp
    Filesize

    585KB

    MD5

    0b0b6660ad12a24bc80c1e708945db61

    SHA1

    0e7d77510ea54fb543b17d0c9e56f8031fbbe879

    SHA256

    d58ed0db64a3fcc8660cdb8cf0c5d70bdc140d735cbbb6fb2e598308a764c7a5

    SHA512

    cb6fd44a133b520a959eff21de512493b94bee052d97b8307df2af2c4f1ea383d0b550a680fd968981667b2bb7610dafba2beeb42f2f3c7f4ebea957bbc89e39

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-O72ID.tmp\4df913ce49b576b541c9f1491fa35578.tmp
    Filesize

    433KB

    MD5

    ca3d4c616920148ec23a51d9f90a4399

    SHA1

    855356d13edc4493bd28c7ddb85cc568fe4672fa

    SHA256

    f441a4322ce5993ea18dea0ef076557aaa5ea0dbfd6f12d9dfb2b889a7065646

    SHA512

    32ca47d8e917726cd7a1e5d4b6e5507f65a8a67a87ace5cd9fac14afae7ef7b773a0ae638011b0bc5daa76d9dd89c10c84d13555e242f6c3b2b5e8749dba8d64

    Download Submit

  • memory/220-7-0x0000000002430000-0x0000000002431000-memory.dmp

    Filesize

    4KB

    Download

  • memory/220-12-0x0000000000400000-0x0000000000536000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/220-14-0x0000000000400000-0x0000000000536000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/220-16-0x0000000002430000-0x0000000002431000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4180-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4180-6-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4180-13-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download