Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

1dfc5a4ef3...7b.exe

windows7-x64

7

1dfc5a4ef3...7b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 22:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1dfc5a4ef362def6e56ae0dd75ae617b.exe

  • Size

    1.9MB

  • MD5

    1dfc5a4ef362def6e56ae0dd75ae617b

  • SHA1

    65319d0ad8054878b0e126735a28424214f7246a

  • SHA256

    1849d5e2c31ede164c3e6d10d85fdfbee1c617cca03bdc111d2c557d8c003463

  • SHA512

    c82cd76eadb837ccc76422e2b13f61737cf9b22262571e427e05afb50426b132f10e14e5768fd8c9a1687cab3d2d95f070b47c8ffc612b2236ebd74633f1f145

  • SSDEEP

    49152:Qoa1taC070d4Q0dY77232Ijt3TSJMNb4lqNXdAFp3D:Qoa1taC03QX72NZTSywYXsD

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1dfc5a4ef362def6e56ae0dd75ae617b.exe
    "C:\Users\Admin\AppData\Local\Temp\1dfc5a4ef362def6e56ae0dd75ae617b.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2224
    • C:\Users\Admin\AppData\Local\Temp\1D22.tmp
      "C:\Users\Admin\AppData\Local\Temp\1D22.tmp" --splashC:\Users\Admin\AppData\Local\Temp\1dfc5a4ef362def6e56ae0dd75ae617b.exe D783E785B7B6B7CC7EEA1B9354AAB7F14B26F2B35CDDDD3599376DFC92322EA8B17CE5B4008BF2F1EC387F98EB21C5754D8402B1A25D19754BA1787A64F62D48
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1D22.tmp
    Filesize

    1.1MB

    MD5

    f5e33918d4109b01ec7417f25a4d7819

    SHA1

    aed3726b9b4219e7e9a8be7beff0ea3958b953c5

    SHA256

    83b67aaa666dbea9e6f1917df16aa641792db2d1c9a849e25a25b2bf744fba03

    SHA512

    891b5254182ea939af8bb452d38a72742d356262138a7a5aec12244d0e111d073d568c520b81ad19b27a1402135f6968f1e84c51cdc73dc8b3c5adb2d06789f3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\1D22.tmp
    Filesize

    896KB

    MD5

    94d25a7268c4f9e0b9be7dd05f977e27

    SHA1

    40ca23812cbb21b4333ed38dcc307c04ff7371d4

    SHA256

    f939d3367de90a3f1dfa63e9f83f2ceb0e8b062ea5ceda795b37ecce4687e6e3

    SHA512

    d41c1dab95456ce6f99b54ae46e889a9547614381d2d86560343c260c2b33b0c1474425b271d97e4fc9cee1cfdcd4d4e95ae7a8d41679ee9370621b4e819e99d

    Download Submit

  • memory/1964-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2224-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download