Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

0e1006ddbe...53.exe

windows7-x64

7

0e1006ddbe...53.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 04:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0e1006ddbef07df2d6e8fb9105585953.exe

  • Size

    1.5MB

  • MD5

    0e1006ddbef07df2d6e8fb9105585953

  • SHA1

    360ba79267072eb07555786b42e985d651133846

  • SHA256

    402f2814f7a2a3f20534ad41005e9c4327a6dc247e549351cfe947fad4de7cfb

  • SHA512

    9882d69551879ec12435e2838e743de65b1f619b66951e8afa42cd94421c68cae35bf54e49729d9b8186b673a0402fe212f1a75e3e4e90cb32a7d6df14fb23bc

  • SSDEEP

    24576:NUUE3a1DDzirxfDSvF6PAc9WH/IERO7xSsDxl4twsXMmSMpW:NURK5DkQF2VWfIERWxSsD4tTXMm/

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0e1006ddbef07df2d6e8fb9105585953.exe
    "C:\Users\Admin\AppData\Local\Temp\0e1006ddbef07df2d6e8fb9105585953.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1712
    • C:\Users\Admin\AppData\Local\Temp\0e1006ddbef07df2d6e8fb9105585953.exe
      C:\Users\Admin\AppData\Local\Temp\0e1006ddbef07df2d6e8fb9105585953.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\0e1006ddbef07df2d6e8fb9105585953.exe
    Filesize

    1.5MB

    MD5

    06b97a4c52737e6fc2517c94935300b3

    SHA1

    570f50ffcd5f95e2f1fea4af65b4a402562010b7

    SHA256

    4e1f502599f1f06b357afaa375c276d092b21585620427639d143cd06bc64129

    SHA512

    0d5b5d59c1aff12b2b20b7fa720e2be6d5d3a34d7ac17fe21460b6d4827c12039b01b62b4756388e6c1c77e452382b23842ecc56188513581d27fdefb28f2819

    Download Submit

  • memory/1712-0-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/1712-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/1712-2-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1712-12-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/3508-15-0x0000000001D10000-0x0000000001E43000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/3508-14-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/3508-13-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/3508-20-0x0000000005610000-0x000000000583A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/3508-21-0x0000000000400000-0x000000000061D000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3508-28-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download