Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

59c122b9a3...b9.exe

windows7-x64

7

59c122b9a3...b9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 06:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    59c122b9a38d1ca7849b7475a636b2b9.exe

  • Size

    200KB

  • MD5

    59c122b9a38d1ca7849b7475a636b2b9

  • SHA1

    904fc47ca8993129240222c691094538dcab0636

  • SHA256

    83ec4fea7725a549d0b51f38b074623f39da3de5a9caf2b866664d0de60a5e52

  • SHA512

    413e8bc089b98c74d75fe8a96d1af96f9fc42db43f7c0f056b1cdd2f363d83efbf472bf9e6f1dd42bd3c2b4e7b4bd7098dd41ba80aa91a2e07db5e5a4b429ed1

  • SSDEEP

    6144:vL79OHITAvFv9xRv0rCSc4ONSai/fF3AKYpns:D79Ornp0OA7L/FAbs

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\59c122b9a38d1ca7849b7475a636b2b9.exe
    "C:\Users\Admin\AppData\Local\Temp\59c122b9a38d1ca7849b7475a636b2b9.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3004
    • C:\Users\Admin\AppData\Local\Temp\59c122b9a38d1ca7849b7475a636b2b9.exe
      C:\Users\Admin\AppData\Local\Temp\59c122b9a38d1ca7849b7475a636b2b9.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\59c122b9a38d1ca7849b7475a636b2b9.exe
    Filesize

    200KB

    MD5

    40c478f927b440ad1b94057cca6a0f5d

    SHA1

    7f61e794662997211f95742d7c82b02037466baa

    SHA256

    394f2583a062bc55607161e6cd6ececadde3df0e0affcf61eba6bca6d439f4d8

    SHA512

    78c40689b5e0e24b041b3189a9251fbbcc7e45c2bbe3233c437eef4c4dc32ee75076ed38b735eb3f9524f9cd7b12fc924fc123d0936491cad0350105be96c71a

    Download Submit

  • memory/2140-18-0x00000000001D0000-0x000000000021C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2140-21-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2140-25-0x0000000000340000-0x000000000035B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2140-24-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3004-0-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/3004-2-0x00000000001D0000-0x000000000021C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/3004-1-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3004-15-0x0000000000380000-0x00000000003CC000-memory.dmp

    Filesize

    304KB

    Download

  • memory/3004-14-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download