Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

5d417eb93b...69.exe

windows7-x64

7

5d417eb93b...69.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 07:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5d417eb93be5160bff149e97f1a49169.exe

  • Size

    43KB

  • MD5

    5d417eb93be5160bff149e97f1a49169

  • SHA1

    45a005a1b4e5d440155d8a80ae2c3c625a603fdd

  • SHA256

    bddd019944f8d1a5d33bde6c3204e040d7e64ff04ac1b6e4b27a7dec051e032c

  • SHA512

    8187efc3cfc9db0d2de3e984d8d856091bbf7c549325cb0bcad58bf6802e73dd8feb2649d7eac4e8ff9c218f82f4f509ee563c63c73661f7dcdc0318966a17c0

  • SSDEEP

    768:iYeeUpWzliDQvxAtl5fnRgozzWUgnPHcyoU30/oZfc9MmhTAWJRVuNE7ag+x:tDpAP9nWUkPH7o20/afc9M8TAwI0W

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5d417eb93be5160bff149e97f1a49169.exe
    "C:\Users\Admin\AppData\Local\Temp\5d417eb93be5160bff149e97f1a49169.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2696
    • C:\Users\Admin\AppData\Local\Temp\5d417eb93be5160bff149e97f1a49169.exe
      "C:\Users\Admin\AppData\Local\Temp\5d417eb93be5160bff149e97f1a49169.exe"
      2⤵
      • Suspicious use of UnmapMainImage
      PID:2676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2676-8-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2676-7-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2676-4-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2676-2-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2676-0-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB

    Download

  • memory/2696-12-0x0000000000040000-0x0000000000051000-memory.dmp

    Filesize

    68KB

    Download