Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

29756d8bc8...91.exe

windows7-x64

7

29756d8bc8...91.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 05:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    29756d8bc8de9b2f8db8401489bc0b91.exe

  • Size

    1.9MB

  • MD5

    29756d8bc8de9b2f8db8401489bc0b91

  • SHA1

    035315a4cb54778176778d049a1ea2c4fec87ec9

  • SHA256

    fdab35cf40aadf468efd9e6249147d3d2ccf0f440ed9f630d61546bca8c26049

  • SHA512

    34cd35d151f882eb0c230703674834ac7c2f975a35e644d062aa46204b1f1f5880eb9c9113661490d48d6ef8a0fde1b28f3dbbdd10a87b38ac99aa7e994f4a4f

  • SSDEEP

    49152:Qoa1taC070dtbru/OB8gKg67WWT+XXRcDnK2hUTP:Qoa1taC0kbMf7ORcTK4UT

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\29756d8bc8de9b2f8db8401489bc0b91.exe
    "C:\Users\Admin\AppData\Local\Temp\29756d8bc8de9b2f8db8401489bc0b91.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:552
    • C:\Users\Admin\AppData\Local\Temp\5360.tmp
      "C:\Users\Admin\AppData\Local\Temp\5360.tmp" --splashC:\Users\Admin\AppData\Local\Temp\29756d8bc8de9b2f8db8401489bc0b91.exe 7371596CE52F64AB60A0976985C132CAB69A1BF2F2936385BDAD56500256C27921721D23B6E54D509AA9AD5FCD282C951AD8A5EC6B03840115FAC8C5DB340BA8
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\5360.tmp
    Filesize

    384KB

    MD5

    002d80923d72bd312046cd6ae6d5bf24

    SHA1

    e8d319ac5ea8c19795997b2cf07b370aec3fb3c4

    SHA256

    7edbde5382ce980107021819e939229e65bbea14b00189986e7bc2268d14146a

    SHA512

    14b0207c9c7a705c19c64a1f0fb4445f61a207835e0f91978496f4bacd1ceb4bb9d58539066dee816513e46d688c4ef7b879fdbd389914cc912909ea8b90f24e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\5360.tmp
    Filesize

    92KB

    MD5

    6e1ade04ace562019dbec7c80c9e402e

    SHA1

    04916d71593e6767c16b8a3dc34fc62557dc474e

    SHA256

    2c28bfbad146c1ee725595e00c7e1230f737265ad3801a01c220d16a0d0e9f35

    SHA512

    f03d1cb741a8f4a928201ac9d15038f234a5cd71a890c7001e5b9a19503149995c7686be9e9d19ccbe5757d752bfe541a60f819382b8aa579e3564c6c140ba38

    Download Submit

  • memory/540-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/552-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download