Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    2s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 03:13

General

  • Target

    4f535ed5f81acb6563ece83b76555333.exe

  • Size

    373KB

  • MD5

    4f535ed5f81acb6563ece83b76555333

  • SHA1

    3491e33820e1f856b4d12ed0f9b4167d2df15432

  • SHA256

    e2b39c4e384688ce8cc804eb468ae2829c814b2145f7fa1fc8f313233bd2cadd

  • SHA512

    ed879a81e7f3d95fa5469b02f14c37e7decae55807796de82a5e183a213340b738826a6c5005f63653912d9dddb314c33fe4d924a479adf6eac58f7a9067aa9c

  • SSDEEP

    6144:O71s7MqrWsve48edpIynD5bZ1XmmV9jwQ1E++yDqDCphnF1cACTfgjdBi:zWi8eQeZ1XmM9j519DXF1kfgjdBi

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\4f535ed5f81acb6563ece83b76555333.bat
    1⤵
    • Deletes itself
    PID:2808
  • C:\Users\Admin\AppData\Local\Temp\4f535ed5f81acb6563ece83b76555333.exe
    "C:\Users\Admin\AppData\Local\Temp\4f535ed5f81acb6563ece83b76555333.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2456-0-0x0000000000400000-0x00000000004E2000-memory.dmp

    Filesize

    904KB

  • memory/2456-9-0x0000000000400000-0x00000000004E2000-memory.dmp

    Filesize

    904KB

  • memory/2456-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB