Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

205856ad0e...35.exe

windows7-x64

7

205856ad0e...35.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 23:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    205856ad0e2f95ff5a7a1088e96fbd35.exe

  • Size

    692KB

  • MD5

    205856ad0e2f95ff5a7a1088e96fbd35

  • SHA1

    4711d509688f3bb27e16e1d71f95596a3286a77b

  • SHA256

    254a960e930c6355342a5fc1d2e3095c4bce1674338a472611056ba989573c00

  • SHA512

    bb2701bee710f31848c10f15fc319c811f2874fcf0dc5db454859970374d90f411a7658a89a76712216e72ea5e68db563390e397ceb7784d3543d77a00dc3cc2

  • SSDEEP

    12288:MLry/neyx7f/A64j7P+tixhT8n3qBmc1YkVYhtmsU3iWb6dfdv:qKeyxTAJj7P+yW6mc1YVtmH3iW+rv

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\205856ad0e2f95ff5a7a1088e96fbd35.exe
    "C:\Users\Admin\AppData\Local\Temp\205856ad0e2f95ff5a7a1088e96fbd35.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:4788
    • C:\Program Files (x86)\ggxyow\svskgimfq.exe
      "C:\Program Files (x86)\ggxyow\svskgimfq.exe"
      2⤵
      • Executes dropped EXE
      PID:2144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\ggxyow\svskgimfq.exe
    Filesize

    103KB

    MD5

    8abb2076f3f7ce5483caaf5cf8506e96

    SHA1

    bf560e20c632ab0b6836c2879bb1c9e97d26ce89

    SHA256

    c49b38592f96b5f18d187554e9a045bac03efa3c2013ef660044b725f90d138e

    SHA512

    cedb4bfad87c5356f051fc98018fb530bd690d475e097abc5c2a9b5eff5789f0e8ad7b27cfd1c19d89dab84516bdeca6bd2e26d3fbd7820d1b344051f01d6e8a

    Download Submit

  • C:\Program Files (x86)\ggxyow\svskgimfq.exe
    Filesize

    28KB

    MD5

    491817c202bdd50495d931e0e56d9113

    SHA1

    d6674ee8d511c9adb105b959ad7ea703ce1ecbb4

    SHA256

    03b061276210d094212717406e7d2cf099111887ceaf1320caab6b4e3ce86fbd

    SHA512

    cfcf80366a9aea9ea09687488ee2d61fdc54b501dd1a25c208a7aa97aead7c595366e03712e56b12fc960518cd642d48ea34c3b55e29db3d81a0ff373896562b

    Download Submit

  • memory/2144-7-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2144-9-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2144-8-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/4788-5-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/4788-1-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/4788-0-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download