Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

007037a8c5...be.exe

windows7-x64

7

007037a8c5...be.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 18:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    007037a8c51f463b92e1c802d23196be.exe

  • Size

    82KB

  • MD5

    007037a8c51f463b92e1c802d23196be

  • SHA1

    095766e06f5b70b18b38d23cdf38c51e16a06bb8

  • SHA256

    af2776260fb74d9d4723d1e127902b17dd07e8c359cc3cd4abb6383598c39ccd

  • SHA512

    1ce5515ffec6512076e1ff1c657d48e8325a8ea3e6cf1325a928c22273840f1bcd55eca90ddaf063237c34a478306cae3dd96a14227d16c93527169b7df0e866

  • SSDEEP

    1536:m72T0DE30GCXx7Fxs0rK4E9pe0s9ducdoajXxwQzsGTT5gdUO:1T0Z7BFxs0O4WiZjDIGhgdr

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\007037a8c51f463b92e1c802d23196be.exe
    "C:\Users\Admin\AppData\Local\Temp\007037a8c51f463b92e1c802d23196be.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2476
    • C:\Users\Admin\AppData\Local\Temp\007037a8c51f463b92e1c802d23196be.exe
      C:\Users\Admin\AppData\Local\Temp\007037a8c51f463b92e1c802d23196be.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\007037a8c51f463b92e1c802d23196be.exe
    Filesize

    82KB

    MD5

    84c2ddd5cd62beaf2c5ce4c1a3b00e12

    SHA1

    b2f49ba3380b378b43d01d7d1b308441091e92f3

    SHA256

    ef6282bcd3ef59e6629db6cc2120d5571f15b22cf82bf3c297762f17ad6371c0

    SHA512

    370eab43123f8bf0a5d83e5002e43e7e0248e710d7369d06b91c50f1e8a0d092292a4a57bce398fddacf69a3bbf21543088c3126bdfbdb875114dc71f43b5197

    Download Submit

  • memory/2352-16-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2352-19-0x0000000000140000-0x000000000016F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2352-23-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2352-28-0x00000000003E0000-0x00000000003FB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2476-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2476-1-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2476-3-0x0000000000140000-0x000000000016F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2476-14-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download