Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

04ae1c325e...c6.exe

windows7-x64

7

04ae1c325e...c6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    76s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 21:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    04ae1c325ec51afcc468a4733236f0c6.exe

  • Size

    312KB

  • MD5

    04ae1c325ec51afcc468a4733236f0c6

  • SHA1

    f04706e45f003ffecd35783caf9862613ec438e3

  • SHA256

    5f529d1d9977e5beea8d25fe3244ef7d51e31089f7539a91188d50ef52964523

  • SHA512

    94f000d87b7fc1bd283e2b6aa41059ab16204517c9d02aecad34c8a8aea41a084826a457c1c5312f392ab3ba50c6981889e06c083e051e016ca4b692dc97f9db

  • SSDEEP

    6144:Uo35D99Pd1E6dqi4paDrd1E6dqi4py5Y9rN4ShcHUaB:HPEynbEy1RvUaB

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\04ae1c325ec51afcc468a4733236f0c6.exe
    "C:\Users\Admin\AppData\Local\Temp\04ae1c325ec51afcc468a4733236f0c6.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1112
    • C:\Users\Admin\AppData\Local\Temp\04ae1c325ec51afcc468a4733236f0c6.viv
      C:\Users\Admin\AppData\Local\Temp\04ae1c325ec51afcc468a4733236f0c6.viv
      2⤵
      • Executes dropped EXE
      PID:2160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\7-Zip\7z.exe
    Filesize

    856KB

    MD5

    fa0318a52baadc08a2e3a7b8e343e288

    SHA1

    3affe7766afe80dd922542e16c38cc5f79a86639

    SHA256

    2359768934e5265779435ee0b7ebc7208d8de77984ac0825828a8125ffbed45b

    SHA512

    1dc116afc1057a2bce70545e110dece69064c781a1e5043e137aafda69b73a275d25122bf955fed191359aca79c95d9510dd5263560a4b146336474f9d7135b1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\04ae1c325ec51afcc468a4733236f0c6.viv
    Filesize

    140KB

    MD5

    1793928d1c8daf03a8b67a60a0ffbd93

    SHA1

    c777c5be2321bf493877efef590eec8c822e2072

    SHA256

    84a2bb3191f370ba456dd8637e08cd47ef1c80a54d081881cd1e16a8c67f0238

    SHA512

    64ef94fb34b637c5d40878f4d3b0db7f2d74e89be35fca959ee9354cdf8f5bd61d90e8aa1ff795ddafe60ba5d1a0d4b57c41b1bf8750d24d685aa98f4142c11a

    Download Submit

  • memory/2160-7-0x0000000000230000-0x0000000000258000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2160-8-0x000007FEF5310000-0x000007FEF5CFC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2160-9-0x000007FEF5310000-0x000007FEF5CFC000-memory.dmp

    Filesize

    9.9MB

    Download