Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

79025f8ce6...27.exe

windows7-x64

7

79025f8ce6...27.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 15:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    79025f8ce6e83f1d74ccef3c1b3fc227.exe

  • Size

    12KB

  • MD5

    79025f8ce6e83f1d74ccef3c1b3fc227

  • SHA1

    c35cc7cec2733ee39f3e5a265f97b56664e91b37

  • SHA256

    e4d6af95ec6534bf12a9c32517abc9d4e98aeed62cf28934de293dcbcca8c591

  • SHA512

    af89e4eb3dbf9a5da35a627335a28d48b5093810d1f39e1a648c3b0eab3b0ad296eac9eee6aa17ec999bb28c671b67c39fffdfb2780c8081c575ce360335a704

  • SSDEEP

    384:jm9zDrAR4WWlro9ctdflCU52iGJwsAaO5zQ:jusrWlkyPfV5HG2s9O

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\79025f8ce6e83f1d74ccef3c1b3fc227.exe
    "C:\Users\Admin\AppData\Local\Temp\79025f8ce6e83f1d74ccef3c1b3fc227.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2912
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c delself.bat
      2⤵
      • Deletes itself
      PID:3052
    • C:\Program Files\svohost.exe
      "C:\Program Files\svohost.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:2980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\DukeGame.dll
    Filesize

    10KB

    MD5

    3aea6d8639e983d576ba8994fa0fac72

    SHA1

    ead9df0b4467eb257896d5119606d8c15377402e

    SHA256

    b14e5db5b92249653f77b012d192f0a9b38be32015644971c91599047dc90621

    SHA512

    440b2347c18f1431f68133014a0d26430b2e996f78d61e36e278a3fc7d9e413269b63401498520676f6f54f99a17d12fb09a793ae6b4ee00605d79991cb5b877

    Download Submit

  • C:\Program Files\svohost.exe
    Filesize

    12KB

    MD5

    79025f8ce6e83f1d74ccef3c1b3fc227

    SHA1

    c35cc7cec2733ee39f3e5a265f97b56664e91b37

    SHA256

    e4d6af95ec6534bf12a9c32517abc9d4e98aeed62cf28934de293dcbcca8c591

    SHA512

    af89e4eb3dbf9a5da35a627335a28d48b5093810d1f39e1a648c3b0eab3b0ad296eac9eee6aa17ec999bb28c671b67c39fffdfb2780c8081c575ce360335a704

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\delself.bat
    Filesize

    86B

    MD5

    d92f32ee92c06a3fdb4ed1dc326d87f1

    SHA1

    54998e02e38e0c6a35730753e8a56783a7bdd170

    SHA256

    8a8be4804fdd38bde3bfae055fe080e3924c480e39574f21021b04856ce9f6ed

    SHA512

    ef397b62086b080821e1d574bd6ba0cb6c554122217238d48ec64f8f78b88bd3a1e32ac14f6021dfa31632bdfe88ec8d3cd59a8e9abe1d05251b58b977472d62

    Download Submit

  • memory/2912-22-0x0000000000400000-0x0000000000410600-memory.dmp

    Filesize

    65KB

    Download

  • memory/2912-13-0x0000000000220000-0x0000000000231000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2912-9-0x0000000000220000-0x0000000000231000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2912-0-0x0000000000400000-0x0000000000410600-memory.dmp

    Filesize

    65KB

    Download

  • memory/2980-21-0x0000000000400000-0x0000000000410600-memory.dmp

    Filesize

    65KB

    Download