Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

6f9f0a5b1f...41.exe

windows7-x64

7

6f9f0a5b1f...41.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/12/2023, 12:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6f9f0a5b1f55e4c07030580c31206e41.exe

  • Size

    57KB

  • MD5

    6f9f0a5b1f55e4c07030580c31206e41

  • SHA1

    13fb059d26945f806ace95244061ae36fcaba1ff

  • SHA256

    218a8b410132f605accdbf050f7e50a34d602a787386f035b28eaaa24775dfe8

  • SHA512

    25aae7d8db468d43a5a5d5002befaea6bf6364f9a81a0a5531e3a64e4f009143820f7dbc99bfc6ff8e65fbc40c40d6fc4bb5ec136792102ba2b9a82d589178ab

  • SSDEEP

    1536:qwzT9AgyEu6UzWyDBpkDmgY6dtr0/KHQgyVbQ:WgABCDmCtrB0Vs

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6f9f0a5b1f55e4c07030580c31206e41.exe
    "C:\Users\Admin\AppData\Local\Temp\6f9f0a5b1f55e4c07030580c31206e41.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4168
    • C:\Users\Admin\AppData\Local\Temp\6f9f0a5b1f55e4c07030580c31206e41.exe
      C:\Users\Admin\AppData\Local\Temp\6f9f0a5b1f55e4c07030580c31206e41.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1128

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\6f9f0a5b1f55e4c07030580c31206e41.exe
    Filesize

    57KB

    MD5

    a45d9b87acb3912582b6dd0a7b0797b5

    SHA1

    3b49ff4ed0f1a9c7df1a473874fc387358e3da20

    SHA256

    efdccebd499d01eabb332c98ab91c16a469b15d2d043366faff8f9fc2a7f1a2f

    SHA512

    54be5d342dc8e3a7cc07278aad8325332a1810cf2ed08f4d3c9add8e6f1b877b7e391f23e5849562656a23e7a1b82dd7c80a959d894237219eb7b1d1d6cc5913

    Download Submit

  • memory/1128-13-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1128-14-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1128-25-0x0000000004D80000-0x0000000004D9B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1128-20-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1128-16-0x00000000001D0000-0x00000000001FC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1128-26-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4168-0-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4168-1-0x00000000000E0000-0x000000000010C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4168-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4168-11-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download