Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

04c24cc109...15.exe

windows7-x64

7

04c24cc109...15.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/12/2023, 21:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    04c24cc1091e8c77b08d225099783c15.exe

  • Size

    1.9MB

  • MD5

    04c24cc1091e8c77b08d225099783c15

  • SHA1

    687086725d9e0bbb657fbbe655518f29d5a6cf3b

  • SHA256

    df03e279bbd112ddf2c54577f70e0f0b0595b1a18e5168ed5c6db4aee82969ef

  • SHA512

    562fb2a3f21476142757712d796aa93972936430dcf6f56138db691a2c45ae5dc74941cc3c961097d9fb6df1a22d2b45a61329b0975eca2da3acb1b34b04d4ef

  • SSDEEP

    49152:Qoa1taC070dzrXpGBdqXl13eDffLrLqW89Wr:Qoa1taC0AXaqbOrjrO2

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\04c24cc1091e8c77b08d225099783c15.exe
    "C:\Users\Admin\AppData\Local\Temp\04c24cc1091e8c77b08d225099783c15.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1672
    • C:\Users\Admin\AppData\Local\Temp\511D.tmp
      "C:\Users\Admin\AppData\Local\Temp\511D.tmp" --splashC:\Users\Admin\AppData\Local\Temp\04c24cc1091e8c77b08d225099783c15.exe 33EF0D6E869EACAE7B7609656EB6E41477AD6975EC0E8189D9F850070CB71CCD306A52A407ACA1787E043B2F02EF5E83308CC19E001E3CCB1A26273A564C189E
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:5100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\511D.tmp
    Filesize

    175KB

    MD5

    57ba2ffdf17c4401f592189cc9f02509

    SHA1

    29e182801b4f407217dcfe7be7910757c9924c4f

    SHA256

    0a5c311c8036f017dbef3afe78e1551c7d3642bdd8ee2bce3010a4fdf64aad72

    SHA512

    5af59c796472985949da75633750be63097627bdd18bfc3617d566fe981bd367d5e8ceee0a092ed3f61c5b7147b836e4db3f095a60c4cf0626168da0b99ae981

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\511D.tmp
    Filesize

    92KB

    MD5

    6e1ade04ace562019dbec7c80c9e402e

    SHA1

    04916d71593e6767c16b8a3dc34fc62557dc474e

    SHA256

    2c28bfbad146c1ee725595e00c7e1230f737265ad3801a01c220d16a0d0e9f35

    SHA512

    f03d1cb741a8f4a928201ac9d15038f234a5cd71a890c7001e5b9a19503149995c7686be9e9d19ccbe5757d752bfe541a60f819382b8aa579e3564c6c140ba38

    Download Submit

  • memory/1672-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/5100-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download