Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

079fc54e48...02.exe

windows7-x64

7

079fc54e48...02.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 23:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    079fc54e48dda546687aef93108d4302.exe

  • Size

    1.7MB

  • MD5

    079fc54e48dda546687aef93108d4302

  • SHA1

    bcc26d92547904fc3737eb92ac100f9252df7ee6

  • SHA256

    2c05573f52b2d86226e7b162da397e2bb05b65f220d29898fe9015d0d3f0a77a

  • SHA512

    3301b7db8d596db6531c25a1932f6851a388499cd4cb06e2a2b997f8180484de4203d8911622b5235b2b29c6c2ac75bb6b074def17e4c50178ce19720ac4f9cb

  • SSDEEP

    24576:dgdhhQGGnnazLpj4VHogiuGYNycAavew3mwmI1nk30sKbcGOyRW9ZHXE:dqgazxcGYN139lnk30rT

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\079fc54e48dda546687aef93108d4302.exe
    "C:\Users\Admin\AppData\Local\Temp\079fc54e48dda546687aef93108d4302.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:3000
    • C:\Program Files (x86)\juwg\lgxlcwmxefcpy.exe
      "C:\Program Files (x86)\juwg\lgxlcwmxefcpy.exe"
      2⤵
      • Executes dropped EXE
      PID:2564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\juwg\lgxlcwmxefcpy.exe
    Filesize

    572KB

    MD5

    11e3b0ef57add07337ea70bd7ef179d9

    SHA1

    67fa92e1fc4982b31f6d0011934c003a3214e34b

    SHA256

    d3060d05e0946bb525de3d7a5e71e57543ef661dcdfda2557cee2134e040c440

    SHA512

    601dba64537714c3a27336eab4b351b6db2501252c0891672f6a5c3145b20725d7599c99a88942913f56a825ff61eced8cb84e32256b2d771407ae1fa4c01ded

    Download Submit

  • \Program Files (x86)\juwg\lgxlcwmxefcpy.exe
    Filesize

    1.3MB

    MD5

    74ffd71a25966f9f4d71d371ee78381d

    SHA1

    f8a302ac6ed7c792294782de76780aa54fbab1a4

    SHA256

    74302e83d494a29d80c1896b80d7a88941db717aa879e28ee8882df765ad50e4

    SHA512

    26a3c01078ec3c092b4010c73a942182f7f44e64a5995dd12bfb9d611d4a82e2afa2cfeeb7608946f53dd4a70d61318ba683dc40de1edaa24ec4ed63629922a3

    Download Submit

  • memory/2564-6-0x0000000000400000-0x000000000045A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/3000-4-0x0000000000400000-0x000000000045A000-memory.dmp

    Filesize

    360KB

    Download