Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

6f9f0a5b1f...41.exe

windows7-x64

7

6f9f0a5b1f...41.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 12:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6f9f0a5b1f55e4c07030580c31206e41.exe

  • Size

    57KB

  • MD5

    6f9f0a5b1f55e4c07030580c31206e41

  • SHA1

    13fb059d26945f806ace95244061ae36fcaba1ff

  • SHA256

    218a8b410132f605accdbf050f7e50a34d602a787386f035b28eaaa24775dfe8

  • SHA512

    25aae7d8db468d43a5a5d5002befaea6bf6364f9a81a0a5531e3a64e4f009143820f7dbc99bfc6ff8e65fbc40c40d6fc4bb5ec136792102ba2b9a82d589178ab

  • SSDEEP

    1536:qwzT9AgyEu6UzWyDBpkDmgY6dtr0/KHQgyVbQ:WgABCDmCtrB0Vs

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6f9f0a5b1f55e4c07030580c31206e41.exe
    "C:\Users\Admin\AppData\Local\Temp\6f9f0a5b1f55e4c07030580c31206e41.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1868
    • C:\Users\Admin\AppData\Local\Temp\6f9f0a5b1f55e4c07030580c31206e41.exe
      C:\Users\Admin\AppData\Local\Temp\6f9f0a5b1f55e4c07030580c31206e41.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\6f9f0a5b1f55e4c07030580c31206e41.exe
    Filesize

    57KB

    MD5

    f179dede0a2a6f6c882f82c15cf1c56f

    SHA1

    151ffb73c6b52d2332e6ad8a7f51218182ad9b2c

    SHA256

    263e0f50d591c8cf36fca0ba313d910798a853649e246ff953cf7212369b0622

    SHA512

    6269ad6e82393800efc88d7d3038d3a7f804aefa0e4bae2c096f03585e833e005b6d5913ac16f250a37f57398fe303a0a3d5d6192bd090ed7732b8b9e5591e6c

    Download Submit

  • memory/1868-0-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1868-1-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1868-5-0x0000000000140000-0x000000000016C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1868-12-0x0000000000190000-0x00000000001BC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1868-15-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2516-17-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2516-22-0x0000000000140000-0x000000000016C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2516-23-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2516-28-0x0000000000190000-0x00000000001AB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2516-29-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download