Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

1f6dbecec1...d3.exe

windows7-x64

7

1f6dbecec1...d3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 23:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1f6dbecec1e7a5417fc90d7a84e6e8d3.exe

  • Size

    1.9MB

  • MD5

    1f6dbecec1e7a5417fc90d7a84e6e8d3

  • SHA1

    152bf10fd6c5a38fc225206d18d9328fbcab3455

  • SHA256

    714888954bac94ad362601f809bd868f671a898af1c2b7f3b09adb1ed2fedc9d

  • SHA512

    1b6169a3903ff0491b43d965c8afb0faad55353e32afa6088f99367bf290c8f6446bd38c6bf5b10490137f7052ea3bcc2632f4685a7bd4ff1cce4260fca61793

  • SSDEEP

    49152:Qoa1taC070di316t2W8mNYGN4iBFpuet0Tgb5qXaS:Qoa1taC0pRmyelBG+qXh

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1f6dbecec1e7a5417fc90d7a84e6e8d3.exe
    "C:\Users\Admin\AppData\Local\Temp\1f6dbecec1e7a5417fc90d7a84e6e8d3.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4388
    • C:\Users\Admin\AppData\Local\Temp\490F.tmp
      "C:\Users\Admin\AppData\Local\Temp\490F.tmp" --splashC:\Users\Admin\AppData\Local\Temp\1f6dbecec1e7a5417fc90d7a84e6e8d3.exe 88B26F8D0A9650727D96E396BAF27D89E7AC5F702854BA5B220B1337D7CC08AE74D0AC25475AEFA6D62F78E11A61D646B77FC26563D54A65353A87383D3CD0BD
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\490F.tmp
    Filesize

    1.7MB

    MD5

    9416322dd964ad11b6752c1d9a6263ae

    SHA1

    f25278a1458f8be02b45153bf1fb09fbae71e8f1

    SHA256

    66c8db91adad51630d93d495d336192f11659103e209947c77b3449b5fbac88e

    SHA512

    d46bac2dd49a61b28110580fea5ce76ef61ab4e1048192fbb6641c742d748e993ea54b5396002727d7624232c24cabf5e43acba79ba147a502fe29a3d3a35bca

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\490F.tmp
    Filesize

    1.6MB

    MD5

    34c8b2d2c3ed54426c9211ea429ad9ed

    SHA1

    a4361e9f4d2ec57b2744ab2a7aad1a81510559c1

    SHA256

    375b96912dae5879ca40858faaf67f74f2cb66c825e19eef479d919013e4898e

    SHA512

    2efc3fdc411f8a655d5261a55c7f897447738cacac317768dd2ba332168373005fd16eeaf9aea5ebb362376efe05040b8db7c5cd381e5b8b8b31ec4c6fc5855d

    Download Submit

  • memory/3224-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4388-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download