Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

0835446f91...fa.exe

windows7-x64

7

0835446f91...fa.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 00:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0835446f91d7e4021b85805a981560fa.exe

  • Size

    6KB

  • MD5

    0835446f91d7e4021b85805a981560fa

  • SHA1

    2ee9690c8538befe9a819ce468922703f07dc701

  • SHA256

    0bb6b860af7efaafa9cf2dcd81fc19529847f8c35f0908340e44e6ac25cc917e

  • SHA512

    f6752f9b4db3cf20216ce0a420faa47f6fbf16e12ed1936b6732c56c4b9e8dc9ec89a7f8fa81f943abc479c72a29711241b1ffc654c06b7dfecb837788ff1d7b

  • SSDEEP

    96:fvl7yOWeX42MDdsZl0veZBA8UZBooSw59K36ppBuXnjhg9Y:V7xsvuZln8ZBooSklOjh4Y

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0835446f91d7e4021b85805a981560fa.exe
    "C:\Users\Admin\AppData\Local\Temp\0835446f91d7e4021b85805a981560fa.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2356
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\901F.bat
      2⤵
      • Deletes itself
      PID:1888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\901F.bat
    Filesize

    183B

    MD5

    31bf3346c8b54e776da06ca29f722ca7

    SHA1

    3f386aeae1e8ef98e7d4d05c61aea7548dda62fa

    SHA256

    61e81b557077b4cf844f5f94df2f86c3c2ffdcbc5838466e0c59a62fa5dd59d6

    SHA512

    2782408559e5ade1ecd928f11755269c23b29c61037bd38e1fe5a1d251e6dac58a8b33aaad349c282cf34b3b8a8d36f011fcdc79f998ffa4f0c1a1431246e230

    Download Submit

  • memory/2356-0-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2356-8-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download