Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

201c7371c7...9f.exe

windows7-x64

1

201c7371c7...9f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 23:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    201c7371c7a3b62d9402a4e74dc5939f.exe

  • Size

    744KB

  • MD5

    201c7371c7a3b62d9402a4e74dc5939f

  • SHA1

    f6d2da17dafb1ee99cb6d897082a385e7093095b

  • SHA256

    5bf65b271984d54f5d760a2602abcdfb8c05d0f58bb6e96917e9a671e7a378c7

  • SHA512

    77e52879216a72a654f13f8084dc16641613ff5e20cce487fedfcd7a00fef4cff4ffa44eb8dc5035d544250ff74c5a3cc34c8c9a874dadaeee5f6a0e438ad514

  • SSDEEP

    12288:uaHc64b888888888888W888888888889jscV7TdjL47zdU5imqsX3sv33rD+zG/I:F86IIW7uvmQBsHUezG/aYFkJR30F6rph

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\201c7371c7a3b62d9402a4e74dc5939f.exe
    "C:\Users\Admin\AppData\Local\Temp\201c7371c7a3b62d9402a4e74dc5939f.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2732
    • C:\Users\Admin\AppData\Local\Temp\is-SO7CA.tmp\201c7371c7a3b62d9402a4e74dc5939f.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-SO7CA.tmp\201c7371c7a3b62d9402a4e74dc5939f.tmp" /SL5="$401CA,371795,121344,C:\Users\Admin\AppData\Local\Temp\201c7371c7a3b62d9402a4e74dc5939f.exe"
      2⤵
      • Executes dropped EXE
      PID:2764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-SO7CA.tmp\201c7371c7a3b62d9402a4e74dc5939f.tmp
    Filesize

    465KB

    MD5

    55745feeba8c70da51379ab55b2714cd

    SHA1

    0480315278d7288822f467268b1fa89663a489f4

    SHA256

    cb7f287c09ca4c79653ba0652f3d870a2abc10610e7b22efcd15e0a3ed39f10c

    SHA512

    f4190253a37b5ee6fe7a18d7b4c9b0f356e9b23224976999a983c0e3f5c9c1fbbde3f893173a8fbd70eac29af52a78505037e717ddea014b011cd882c60e7f13

    Download Submit

  • memory/2732-0-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2732-2-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2732-8-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2764-6-0x0000000000850000-0x0000000000851000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2764-9-0x0000000000400000-0x000000000052E000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2764-12-0x0000000000850000-0x0000000000851000-memory.dmp

    Filesize

    4KB

    Download