Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

14bedc6ee2...26.exe

windows7-x64

7

14bedc6ee2...26.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 09:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    14bedc6ee29b0642a0132b2dc67efc26.exe

  • Size

    777KB

  • MD5

    14bedc6ee29b0642a0132b2dc67efc26

  • SHA1

    d03c695259bcc1eeb9bf75d9bb9c401fd3571e18

  • SHA256

    2ffd9ef95f36b65e794d48a40b474a25bb8b35e4f028d476765ecf2f11606b63

  • SHA512

    066d5c74780f061af94cae42200da04af5d0d27e1377bbd5c71e32e2d65723fc24c7e4c80363ae91b866c3502904bc138cdc3137a2516b73fdf59b91d865ecd3

  • SSDEEP

    24576:7zXKqa8SEijjC+37li4daoInr1YSfi6HfRG7j//3/L:7z6qaakjC+3s4da1nHzfKv

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\14bedc6ee29b0642a0132b2dc67efc26.exe
    "C:\Users\Admin\AppData\Local\Temp\14bedc6ee29b0642a0132b2dc67efc26.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2588
    • C:\Program Files (x86)\gvzon\ktro.exe
      "C:\Program Files (x86)\gvzon\ktro.exe"
      2⤵
      • Executes dropped EXE
      PID:4076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\gvzon\ktro.exe
    Filesize

    787KB

    MD5

    5c58e2948ff94bd68ba5bf2640e7271d

    SHA1

    02e5dad03d8cc7ab90807fa92d187688f894b0a7

    SHA256

    3e9cf282590b29d2bee43b27a8c90b789b26c4282a8711c32bb2e148fd5f6b6b

    SHA512

    9d53ca031b796b6346e9ac0f53342ab6d2dff2f7a6bc4bb519ea7d6c87ada082c7852839d102a7b6ef06b1804e008c387bf985d643c3f3d8ec33be9c6e9fc6f2

    Download Submit

  • memory/2588-0-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2588-1-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2588-6-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/4076-7-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/4076-8-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download