Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

25fcd80371...60.exe

windows7-x64

7

25fcd80371...60.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    1s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 03:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    25fcd80371653728042c60d466078360.exe

  • Size

    6.8MB

  • MD5

    25fcd80371653728042c60d466078360

  • SHA1

    c799dc8fe2a79fa29a396acb3d13236d17f424ed

  • SHA256

    2f2bb1763bc205bc21816b238d83131153dcd6a7b6cab6eac9cd500e862ea9ab

  • SHA512

    c622b088357298d1e491b59387e6f88b19cebe705a3f95e3b6ca4db6b523f75bc36ab3717d986fe0ce0a9d7aacf1d5870f364bfac07aab0847896e6b1f906eda

  • SSDEEP

    98304:c/SO/vuFH/7JNu2AK//uEnGj7tNCBhNm+AHEA7pzDuMn57PTY0hI:JguFHJAsmBXG9AHEsa6T7K

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 19 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\25fcd80371653728042c60d466078360.exe
    "C:\Users\Admin\AppData\Local\Temp\25fcd80371653728042c60d466078360.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4984
    • C:\Users\Admin\AppData\Local\Temp\25fcd80371653728042c60d466078360.exe
      "C:\Users\Admin\AppData\Local\Temp\25fcd80371653728042c60d466078360.exe"
      2⤵
      • Loads dropped DLL
      PID:4248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI49842\VCRUNTIME140.dll
    Filesize

    84KB

    MD5

    ae96651cfbd18991d186a029cbecb30c

    SHA1

    18df8af1022b5cb188e3ee98ac5b4da24ac9c526

    SHA256

    1b372f064eacb455a0351863706e6326ca31b08e779a70de5de986b5be8069a1

    SHA512

    42a58c17f63cf0d404896d3b4bb16b2c9270cc2192aa4c9be265ed3970dfc2a4115e1db08f35c39e403b4c918be4ed7d19d2e2e015cb06b33d26a6c6521556e7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI49842\base_library.zip
    Filesize

    381KB

    MD5

    010ca9654e25d9bcd76ddf24c0c9ad3d

    SHA1

    ed2d22b5ce979096769955182f40fe93710715e7

    SHA256

    2bbbbfc7cd62999491b64b157184114a5026d207469ff281cf84498c2410c39d

    SHA512

    d56e52a899acfe3d944142a38b238ba94ccc8fb5c32ef7476cdbff8fb0b23c4415538dc5fdf7666e122130aa2dd433f53ed3694f1b35f88d859849e6daa5bf8d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI49842\python38.dll
    Filesize

    93KB

    MD5

    bd6bdd26370cf298e11eb9a51c0a6fc3

    SHA1

    84480f2061050ace41b989b5db24fdb66e37879f

    SHA256

    8a4c3685e5bd5278a390e1c73ab86854a62585498bf584d06dea487dba193806

    SHA512

    77c5a9ceed547ba87d8782bd34084bf07b99ffc745ba2541d895956e3321216ca81234b786136da20785f254536662b7f875be1dd6717fca84cf5bb1ace2b779

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI49842\python38.dll
    Filesize

    381KB

    MD5

    718165011ad47db069b4fb7c344f4e16

    SHA1

    b8df12e3f905425ae4f4e1a076bbd8b307589c72

    SHA256

    dde2ffc674dc869f78abb6ea1aa9247b1b12e078b8417e5ea1acfcae658b0669

    SHA512

    d6f1dffa778a68eabe4ee7a6e5243048f581741168ef6ee2b92eb0fe0e935914783b7b04a011465e1029a21dd39c748540612289f7590c797193a38e025bde1e

    Download Submit