Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

1d7a6c2872...e6.exe

windows7-x64

7

1d7a6c2872...e6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 21:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1d7a6c287212cc8db18700695d3356e6.exe

  • Size

    592KB

  • MD5

    1d7a6c287212cc8db18700695d3356e6

  • SHA1

    b3cc8232f4a445c9dc035d38bc24cdc4f84e285f

  • SHA256

    7e58ccda1c21273054defd9e4adaa769a96ad92fc92dd489c661627b0a183e78

  • SHA512

    209f05021bf9145899f2d547fd113e31c959c8e7d74cd363f544a65d9eece248b50a275513d974f2366e3c0397d9db9e23ddfde67c789e9ee555e2ed8202a5af

  • SSDEEP

    12288:MLry/neyx7f/A64j7P+tixhT8n3qBmc1YkVYcrKZnfJPE:qKeyxTAJj7P+yW6mc1YgeZfZE

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1d7a6c287212cc8db18700695d3356e6.exe
    "C:\Users\Admin\AppData\Local\Temp\1d7a6c287212cc8db18700695d3356e6.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:4760
    • C:\Program Files (x86)\ohziw\kqv.exe
      "C:\Program Files (x86)\ohziw\kqv.exe"
      2⤵
      • Executes dropped EXE
      PID:4568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\ohziw\kqv.exe
    Filesize

    610KB

    MD5

    35c72ec6b3f287e11c0d5546916ee344

    SHA1

    6ae7e63643967a203f0add12bb9f349e7cfeb3e4

    SHA256

    9e24f11916a82db30ad5c87757a018baddf9297104a8106360342ef6913f1835

    SHA512

    db211e53c24eb008fee2b1e25f9db520a3540a48a27ce5d3e5a19344e6e4f3e40a3ec0dc249b691053c06ec945b06f3042ffec90d6882dd0cfcb487352aa24cd

    Download Submit

  • C:\Program Files (x86)\ohziw\kqv.exe
    Filesize

    382KB

    MD5

    8293303248329351a484cf4e7f0c0241

    SHA1

    e82fb6b4fe894d2b7248ae8e3bb0e7fe29f7a08a

    SHA256

    c4a8f7fc74eabaf8dc06e1956a2cb1398668fa098faac1437b0454d172f2f7bb

    SHA512

    8d56811c3d192b204fd4ce36629a3ff6e83c9943afc3e04041bc41e66945f35b3585079ab6ce8e9f964820fed5391515b65a71c50fdae113dfe5e466efc10e51

    Download Submit

  • memory/4568-9-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/4568-8-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/4760-0-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/4760-6-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/4760-1-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download