Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

1159439089...52.exe

windows7-x64

7

1159439089...52.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 06:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    11594390892fc4ba1f69fd4ecfbd7c52.exe

  • Size

    1.9MB

  • MD5

    11594390892fc4ba1f69fd4ecfbd7c52

  • SHA1

    95d3daa6a1645cb27cacf1075fc7bfd7c95e3a8a

  • SHA256

    4e2063a990faa7ac0a4b33fea0ff143bed723f3b0c957310835285804a9916fb

  • SHA512

    112e00ddd5b4bd643e512c749fa7aafa656ce18d6351aeef8d9be70432fcf71886eb2734f8f3664d9ea9394324d5f33d693a8804c3dda80992230424d39a0863

  • SSDEEP

    24576:N2oo60HPdt+1CRiY2eOBvcj3u10dCcSKr7hL1sWDYlSlck/AaLsbYF/dg/h1Wd0g:Qoa1taC070dCcS69OflqckZR62d3

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\11594390892fc4ba1f69fd4ecfbd7c52.exe
    "C:\Users\Admin\AppData\Local\Temp\11594390892fc4ba1f69fd4ecfbd7c52.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4184
    • C:\Users\Admin\AppData\Local\Temp\9F5D.tmp
      "C:\Users\Admin\AppData\Local\Temp\9F5D.tmp" --splashC:\Users\Admin\AppData\Local\Temp\11594390892fc4ba1f69fd4ecfbd7c52.exe 1024C48D06636BA67CC67495A0323F7F14D04F7CD24F25D838A14D026767204CAD3A2A7E8EA3799E4C1F50E9988B4EAFA2079286972901F2D679350F7207EAAD
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\9F5D.tmp
    Filesize

    1.5MB

    MD5

    98b648680b599b6bc31b721918ec7199

    SHA1

    281b99f1485e7cb7928f51f691993cdd00767ab6

    SHA256

    10b71ae033522bdd0e5b5bb79911de92c45fba762777b5e3bfd437c3e7f266bb

    SHA512

    582555eae0e3eadffb4477edf0c7a00f4395e55f0d223860068bf40a5b29c3f113d123bdd08f323984eb9e255a4597101d79f7efd79b54d3ea24d44bd5d65ff3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\9F5D.tmp
    Filesize

    1.1MB

    MD5

    17f26cd56e4facf383e5e356056972cd

    SHA1

    3ea34750298a0981354e08e6ff245af7b3fb7a3d

    SHA256

    e3001d06427f1b50165309b4208a65292a2a0419174e7839b508fdbedd788a53

    SHA512

    19f1348308eed1d1c8a00251dc3980851c6607285df8850ed53eea7c62a7265197687f4bbc23b82f11197780d11966158427a49ac0641e1345aae02164ae5035

    Download Submit

  • memory/3464-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4184-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download