Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

04ecfc6272...e6.exe

windows7-x64

7

04ecfc6272...e6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    131s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/12/2023, 21:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    04ecfc627270e30979bbda808252cbe6.exe

  • Size

    2.9MB

  • MD5

    04ecfc627270e30979bbda808252cbe6

  • SHA1

    d27fe3576cdb9766773039d5fadb3b8a2e8d402c

  • SHA256

    50385d9912fca398c568147f5103b1436f433216f6f896395bbd664e1fc293e6

  • SHA512

    d64127cffe41c251c8a6c7456d0abd4c4986175566f54f3f3ed9498df69e6f3aa7c6842ea02543305edd96f5281920af83175d26dc602ecdf5318dcbb9facd9b

  • SSDEEP

    49152:Ivb3VJZZgvs5dBvs0mgP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:Ivb3VJUs5dBTmggg3gnl/IVUs1jePs

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\04ecfc627270e30979bbda808252cbe6.exe
    "C:\Users\Admin\AppData\Local\Temp\04ecfc627270e30979bbda808252cbe6.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:568
    • C:\Users\Admin\AppData\Local\Temp\04ecfc627270e30979bbda808252cbe6.exe
      C:\Users\Admin\AppData\Local\Temp\04ecfc627270e30979bbda808252cbe6.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\04ecfc627270e30979bbda808252cbe6.exe
    Filesize

    385KB

    MD5

    6efd2ab684afdadcebb35c40527abcca

    SHA1

    0abae7c152b4e862e2c60a348bccfa0df8c35df0

    SHA256

    f19f0a49288682cadd07207f79b6dd9f9ee23da164daf2002d5e3a9495fd8206

    SHA512

    b037b21a42d21ecaf2a000239af647b46ccbf1ba764855761e14b19a8d7eb0b2f1ce6bac64dd58b45edf43cc0cd235d0003e2481a138e4e126afe1d96ce5a74c

    Download Submit

  • memory/568-0-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/568-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/568-2-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/568-12-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1664-15-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/1664-21-0x0000000000400000-0x000000000061D000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1664-20-0x00000000055D0000-0x00000000057FA000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1664-14-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1664-13-0x0000000001CD0000-0x0000000001E03000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/1664-28-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download