Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2d17cc03b9...b2.exe

windows7-x64

7

2d17cc03b9...b2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    194s
  • max time network
    214s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 07:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d17cc03b9decd284455c899013340b2.exe

  • Size

    385KB

  • MD5

    2d17cc03b9decd284455c899013340b2

  • SHA1

    929ebd22249f497e93c259d21b6716155f5b302b

  • SHA256

    d4ddf8a7e44b6d8354ef049f8b6382efe56b3d1cfa1ecb3be4b6e1cc7674f276

  • SHA512

    af7826855fe803e64a0c001f893619ce54a3903e97b7b530a51f91e91bae93a8424db31f90dad56701f783cb0861011e9b032ce2329c97eef1009710caa83528

  • SSDEEP

    12288:mhXSlx9lwrK9eAuqmHC7IwVe/LfmJwaiHnI8QrWyudiB:mhXk919eAuqmHCMakfmEHI8QrWNiB

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d17cc03b9decd284455c899013340b2.exe
    "C:\Users\Admin\AppData\Local\Temp\2d17cc03b9decd284455c899013340b2.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2084
    • C:\Users\Admin\AppData\Local\Temp\2d17cc03b9decd284455c899013340b2.exe
      C:\Users\Admin\AppData\Local\Temp\2d17cc03b9decd284455c899013340b2.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4964

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\2d17cc03b9decd284455c899013340b2.exe
    Filesize

    385KB

    MD5

    9ee9598cab44810e43bafe7c19ee5bf0

    SHA1

    8be6632602308cd6b7301e3a6ecda2d82c45e54a

    SHA256

    453be6ac2a11bbf6bd2e311af9f45d532ae5d55716a626851630cfe2da86e6b4

    SHA512

    9ffc8f9b413951493556c3ec50e4129b8b32372505edd2fad7ae8fde75c6cef99dd7c68604441ccc579999157d5d75ea474d357a53a5bcdeec72dce0af4fdb77

    Download Submit

  • memory/2084-0-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2084-2-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/2084-1-0x0000000001470000-0x00000000014D6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2084-11-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/4964-13-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4964-15-0x0000000001470000-0x00000000014D6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4964-20-0x0000000004F00000-0x0000000004F5F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/4964-21-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4964-30-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4964-36-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4964-35-0x000000000B730000-0x000000000B76C000-memory.dmp

    Filesize

    240KB

    Download