Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

00635c23c5...fe.exe

windows7-x64

7

00635c23c5...fe.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/12/2023, 18:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    00635c23c53d70b01d08c709bf2281fe.exe

  • Size

    1.9MB

  • MD5

    00635c23c53d70b01d08c709bf2281fe

  • SHA1

    fd6f4aa5839045b4ccd1384f472257a16b5c1cd5

  • SHA256

    0ad276e88c7f459cee2e414dcf1af08cb7735ac0e584c9db03f36cef774a0558

  • SHA512

    67e44296d4741cd1491d712fcedec8ae7ff28b6b048523b374f46d9a44536a96f85864a7bb3c8da4ac50af9ec79060666620aa05000c8fb0593eaeb372d4a582

  • SSDEEP

    24576:N2oo60HPdt+1CRiY2eOBvcj3u10doiqP89AFe1KXzKW9Yp7IL0ogkuqX8le9fdrx:Qoa1taC070diRzKBWRuqgctInSlrOpE

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\00635c23c53d70b01d08c709bf2281fe.exe
    "C:\Users\Admin\AppData\Local\Temp\00635c23c53d70b01d08c709bf2281fe.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4792
    • C:\Users\Admin\AppData\Local\Temp\5266.tmp
      "C:\Users\Admin\AppData\Local\Temp\5266.tmp" --splashC:\Users\Admin\AppData\Local\Temp\00635c23c53d70b01d08c709bf2281fe.exe 62F923799157C649199D26386C53B06F7A5E0A5DF92C2B5E378A500C0F8AC5025310B65956C8C175231C4CA35D02DA2F5666F1F1835E8FE9DEDB812CFBA9BE4A
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\5266.tmp
    Filesize

    1.9MB

    MD5

    7bd15db44f8de2d2e1377bad24ae6a1f

    SHA1

    144c9c300187cf111d851814fc5db540adbe9d7a

    SHA256

    f10bd849b9f114c29dad6229364cc5ff5a7dde22932b2809e8db0bdf924c86d9

    SHA512

    d51dc06693b8b0c29012e8e38a7a25705aec7078b0da92541c50c3bf8c0c9f3a2e761650119959fbeb031ec83dc7ef78508ac998ab9203faafc3bae3d037cdec

    Download Submit

  • memory/2980-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4792-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download