Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

0c02b9d0bc...77.exe

windows7-x64

7

0c02b9d0bc...77.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    92s
  • max time network
    52s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 02:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0c02b9d0bc298cd6aaf12e1162b26777.exe

  • Size

    82KB

  • MD5

    0c02b9d0bc298cd6aaf12e1162b26777

  • SHA1

    50bb47d2a5f53b1b6c6a67acff6460cb63e11c79

  • SHA256

    5749dc84a88afddc221672319f13eb3730c4ab4b1e1223fb191296d999956380

  • SHA512

    aa567c6fa32a5e013e8bee1ba643d8897763f304216f7c915de0ffc27c823607f4522be23ae9dbd00e60e03f566fe304ba1281e9ed419e1db4fce097940450c2

  • SSDEEP

    1536:onaxJDTGqU18SAXXef/DbKBTm0VffNLAg4ZV6goG3FOW32mjR/Cq0jpWQxAeMeV3:onKDNTSOX/BTV1NLAgA4AFOW3DdK86MY

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0c02b9d0bc298cd6aaf12e1162b26777.exe
    "C:\Users\Admin\AppData\Local\Temp\0c02b9d0bc298cd6aaf12e1162b26777.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2532
    • C:\Users\Admin\AppData\Local\Temp\0c02b9d0bc298cd6aaf12e1162b26777.exe
      C:\Users\Admin\AppData\Local\Temp\0c02b9d0bc298cd6aaf12e1162b26777.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\0c02b9d0bc298cd6aaf12e1162b26777.exe
    Filesize

    82KB

    MD5

    d8e039129784cdd3f3bd4ecab98a8f4c

    SHA1

    6f7d19878b43a94d843758929608f2873ad3c7d6

    SHA256

    488dd2a1213d38f03aaa4b1b105d63606b4f09142409a66f0797138a07114385

    SHA512

    01a641ad9457c28b043e9cf0c6567d20448f38ad9c835061f5f3b31f33cae7415eb8e42ef85452ffae9fedfd96572e5f2a441eb734027aa577ff379db369d37a

    Download Submit

  • memory/2532-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2532-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2532-1-0x00000000001D0000-0x00000000001FF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2532-15-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2532-12-0x0000000000210000-0x000000000023F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2988-17-0x0000000000140000-0x000000000016F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2988-23-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2988-24-0x00000000001A0000-0x00000000001BB000-memory.dmp

    Filesize

    108KB

    Download