Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

01f95ee794...22.exe

windows7-x64

7

01f95ee794...22.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/12/2023, 19:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    01f95ee79478bf8869e6902683b1b222.exe

  • Size

    385KB

  • MD5

    01f95ee79478bf8869e6902683b1b222

  • SHA1

    20bb98c8a3e03a436404839b2a6aa949d9bc3df0

  • SHA256

    f1c7eac6834496dd3bedd4cfed7bb23f9d260389c81cd33df92d1d4aebe3b57d

  • SHA512

    17787744d171e9ae50ebaed271aff2770d90614d40feeaa49b3175081007994027c30957ceadbc0b52b54c3ec38dfc242eb0047df3b03339ad8cacba2424aaba

  • SSDEEP

    6144:/zhPi5e31VOKtttU31Dq145tR6RVDaL1RW1tcXrIB5CCPx624np+iftnwB:VPWe31Ptm1B96RpSRW7cXY5awimB

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\01f95ee79478bf8869e6902683b1b222.exe
    "C:\Users\Admin\AppData\Local\Temp\01f95ee79478bf8869e6902683b1b222.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3224
    • C:\Users\Admin\AppData\Local\Temp\01f95ee79478bf8869e6902683b1b222.exe
      C:\Users\Admin\AppData\Local\Temp\01f95ee79478bf8869e6902683b1b222.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3764

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\01f95ee79478bf8869e6902683b1b222.exe
    Filesize

    106KB

    MD5

    b23dffcdc2f092bb77c7da9d26c2ce7a

    SHA1

    ecd2e6d07990c7505bf429ec45b29cca0ea4786d

    SHA256

    93d95dd4f3474f7111e50b834eecee04412fb10c6cc031a4b4a25b36b0986e2a

    SHA512

    d2a21ddb06a49edb17733123ae1049fd4677843e4ce5451bd5eadfd2c59a8360203f6403c077710e991a5219f385de9b8bab340d36ff67737482354bb0267741

    Download Submit

  • memory/3224-0-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3224-1-0x00000000015A0000-0x0000000001606000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3224-2-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/3224-11-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/3764-13-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3764-14-0x00000000014D0000-0x0000000001536000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3764-21-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/3764-20-0x0000000004F00000-0x0000000004F5F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/3764-32-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3764-37-0x000000000C620000-0x000000000C65C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/3764-38-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download