Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

16af01a454...19.exe

windows7-x64

7

16af01a454...19.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 11:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    16af01a4543ec4fa5ecd8d54a4ed9119.exe

  • Size

    647KB

  • MD5

    16af01a4543ec4fa5ecd8d54a4ed9119

  • SHA1

    0873c1f7b9663017640cace306f4b951a0cc5a73

  • SHA256

    cfa2dfb8a0133c462e2620bb5dd368b39807241c07274e0442dda0ca31e76766

  • SHA512

    8d415a038d12342c4bb5a2520b6917e2c9a7c42252c76985ab0ef4029440b0b2efbca60f42c7057d428d0843f960764f5dc99c08afc8da474ff3b2b54de0529f

  • SSDEEP

    12288:mGwF8DRXgVPqaoXNoEixlbjDm+3z2AJLDl16ncmg+3y/iVSabkmujifBmQHv2FkL:7zXKqa8SEijjC+37liXbLbklmfB7P2Fc

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\16af01a4543ec4fa5ecd8d54a4ed9119.exe
    "C:\Users\Admin\AppData\Local\Temp\16af01a4543ec4fa5ecd8d54a4ed9119.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2096
    • C:\Program Files (x86)\iuxume\xmacawuapy.exe
      "C:\Program Files (x86)\iuxume\xmacawuapy.exe"
      2⤵
      • Executes dropped EXE
      PID:1468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\iuxume\xmacawuapy.exe
    Filesize

    663KB

    MD5

    66f8cc302047f9b849888a9011d97cbc

    SHA1

    b0568db894ae1b78c424776ccb9f201db199c85a

    SHA256

    e26bc11abefe4514d68ae96a63dcbd2665ecc64d4ea0bdce3b853f84eb105fd3

    SHA512

    3686bb6dfc315a1c07c5ab82dce816c66159d46072f1be4443b5983ecc9b26830b4fa56884248764c99e9642448216ef504c272d19e24d192db9cf39a40ee58d

    Download Submit

  • C:\Program Files (x86)\iuxume\xmacawuapy.exe
    Filesize

    257KB

    MD5

    eaca9b5b4f4007fbb6b29fd3c9303941

    SHA1

    ff5f78d25d119cc590d6bb7e0325790f0ed38f09

    SHA256

    9c90d5eee84389e6f140d5cfba7bfd0260268177d000037f98d2641bdc538f76

    SHA512

    2768026e419154451405473b0cd4a589775de06ef340d556f4454b5b182e7a65a1991db0544491879d4f03cd34070f040892720c65e15c55684a930898862147

    Download Submit

  • memory/1468-7-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/1468-8-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2096-0-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2096-1-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2096-5-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download