Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

05f32bffbd...94.exe

windows7-x64

7

05f32bffbd...94.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    166s
  • max time network
    171s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/12/2023, 22:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    05f32bffbdf021bf8cf2c36f85fa5494.exe

  • Size

    1.9MB

  • MD5

    05f32bffbdf021bf8cf2c36f85fa5494

  • SHA1

    944bfc5159b0bdb2a0914e549d9a29cab1d76f14

  • SHA256

    85fa1cd0645678ad7d5481a1ac09d6665c695aad27bda1d9e22d231f86eb516a

  • SHA512

    9d166ac0264902d6e3d6b39e25428c59ae59b1c04788636a4b4cba98a65ac2c3e3b2785347cd806e5ea005809c8e65ce20927d87beb8f24a38f8653485a9a8b4

  • SSDEEP

    49152:Qoa1taC070dJm5EIBWx0FKL4gr6VNWDfxvHCr9KbI:Qoa1taC00mzYyq4NVNWDZfI

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\05f32bffbdf021bf8cf2c36f85fa5494.exe
    "C:\Users\Admin\AppData\Local\Temp\05f32bffbdf021bf8cf2c36f85fa5494.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2332
    • C:\Users\Admin\AppData\Local\Temp\ECC1.tmp
      "C:\Users\Admin\AppData\Local\Temp\ECC1.tmp" --splashC:\Users\Admin\AppData\Local\Temp\05f32bffbdf021bf8cf2c36f85fa5494.exe 73635F07C44FE40D8E552D3E82B2C011BE936E60A4129C4F1DB101B92C085EC83B7BBAD49CEA2D3CA540312641AEA4DB18454D8880EA62ECB4AA749E1D5FAD7B
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ECC1.tmp
    Filesize

    209KB

    MD5

    849ed59336dcc9ca5178eb5244933922

    SHA1

    0685c45cdcfd48654a2b9e67e4ea6cbb2b3c3ed3

    SHA256

    8910358d66a3c1e0c4a867b31b9b016de0fc150544822d2696306bcb06b04178

    SHA512

    1bab76c7a9d48a5a18f88686a3570a78bffdfb42cf7edf1cf469b2966264272fab0e180fccf86f18b8aceff2da3bc082e7ef9f593ffbf5c388d8d4f837bc13c1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ECC1.tmp
    Filesize

    271KB

    MD5

    2803497f85b8828a9549e3b2f9e82557

    SHA1

    136d87a724f0440b78b50fda6bd7b4c93f5c9509

    SHA256

    293ba1101a84eb0b8b1380bb9993a51fef661dc6a5644a0220d6799969c59d3a

    SHA512

    feb349996cddeebef9cc99f516193b977980e435b6d418633b303083a519fe58e8a363382986e233007a866ef43d1410f1a5f6be98fb7989d4cab5d3c8f1148b

    Download Submit

  • memory/1708-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2332-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download