Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2d0a8f7715...7d.exe

windows7-x64

1

2d0a8f7715...7d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    136s
  • max time network
    170s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 07:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d0a8f7715721fb1379ebe4b828d907d.exe

  • Size

    385KB

  • MD5

    2d0a8f7715721fb1379ebe4b828d907d

  • SHA1

    413ba28abd4ecbeaa10e0b6c60d9f5c09eaf7ad6

  • SHA256

    057c00eba0fadfa4244c0828c0e8ebb370e5be235de7b62b43fce28bbc723f25

  • SHA512

    6230b2ffae2619ff2e15d585bec86f9615e860d3d3f3c3a0cce94a3123d8805dff22ff89a9e1fdd5d95476ebf71187c5efd1e1cdaf6a8f8567de061cf4644e2b

  • SSDEEP

    12288:GhNbAA6SwW7DDnf2YufKIhdo691Dhe6vNgKoB:INbA3SwW7nuYq9134B

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d0a8f7715721fb1379ebe4b828d907d.exe
    "C:\Users\Admin\AppData\Local\Temp\2d0a8f7715721fb1379ebe4b828d907d.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:32
    • C:\Users\Admin\AppData\Local\Temp\2d0a8f7715721fb1379ebe4b828d907d.exe
      C:\Users\Admin\AppData\Local\Temp\2d0a8f7715721fb1379ebe4b828d907d.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2620

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\2d0a8f7715721fb1379ebe4b828d907d.exe
    Filesize

    385KB

    MD5

    df3d84e24c314ad43bc01c9e8b37e85d

    SHA1

    a417134f3e94470be48b1305f8341a8dca728b89

    SHA256

    3df44e91cc50b2603d62276b3913c28d039da336c0a6c5d49f29a75a7644bd1c

    SHA512

    4332df0585c5efd47f044bfcb7e00f554384886576e12c90c5573a2ced70f3879d27b6fe92ff560aa69135bd6bef28b3e0a7f60dc3aa5adf1f84be305c4b8944

    Download Submit

  • memory/32-0-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/32-1-0x0000000001600000-0x0000000001666000-memory.dmp

    Filesize

    408KB

    Download

  • memory/32-2-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/32-11-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/2620-13-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2620-16-0x0000000000170000-0x00000000001D6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2620-20-0x0000000004ED0000-0x0000000004F2F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/2620-21-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2620-30-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2620-35-0x000000000C640000-0x000000000C67C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2620-36-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download