Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

201fda6f4e...64.exe

windows7-x64

7

201fda6f4e...64.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 23:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    201fda6f4e3637a02c3ccfbbf5b97264.exe

  • Size

    1.7MB

  • MD5

    201fda6f4e3637a02c3ccfbbf5b97264

  • SHA1

    739a36b316c2cec8711dad30dfb91a4f0b0953a1

  • SHA256

    62b778a44b142330fb22d3ab71d77cdb78c63fbf112d87c9c10118638f741f85

  • SHA512

    2ad638522c9ea0ebc5f2fcfd7412c261856824d97aa0c566deb10b0e5b254c785be75986df3319743db6599ef22b15976cdfbad5746df92a97dd91ffa3092ea9

  • SSDEEP

    49152:5afahOLTV/Wf1+qwbp9+q5l7ZDRDHXJYinXBgJ:QfaeA1PoqEl7V1HXFRgJ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\201fda6f4e3637a02c3ccfbbf5b97264.exe
    "C:\Users\Admin\AppData\Local\Temp\201fda6f4e3637a02c3ccfbbf5b97264.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4532
    • C:\Users\Admin\AppData\Local\Temp\is-VVIBH.tmp\201fda6f4e3637a02c3ccfbbf5b97264.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-VVIBH.tmp\201fda6f4e3637a02c3ccfbbf5b97264.tmp" /SL5="$6011E,1488438,54272,C:\Users\Admin\AppData\Local\Temp\201fda6f4e3637a02c3ccfbbf5b97264.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:4428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-VVIBH.tmp\201fda6f4e3637a02c3ccfbbf5b97264.tmp
    Filesize

    92KB

    MD5

    edfc005c3404787bf5fdaf2f79a7bac0

    SHA1

    263442ab40d3c9be8b9d1c85881bf4b363054844

    SHA256

    2576284158f604a8337b86fe933d506780cd5bef20c74e1ccc75a64ea1af6459

    SHA512

    23bef73a2426f5380af2d57fd38f21a43125a50febc90709393cb2e559fdb2a87a3738a122d5ea1942fd30423e77dd833d0b6e69be4239e56ce74ee924eba1e4

    Download Submit

  • memory/4428-7-0x0000000000650000-0x0000000000651000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4428-35-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/4428-38-0x0000000000650000-0x0000000000651000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4532-2-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4532-0-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4532-34-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download