Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2c84b5460d...e8.exe

windows7-x64

7

2c84b5460d...e8.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 06:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2c84b5460d6aa8f6aba79a1fe14549e8.exe

  • Size

    1.9MB

  • MD5

    2c84b5460d6aa8f6aba79a1fe14549e8

  • SHA1

    cec335d7208c3bc8d624470e9aa1112addf11249

  • SHA256

    c483a986e9f80d3497ebf2770195ba8fe919d56605c33199e59b7e921637ce35

  • SHA512

    d44affb804dac27489d2ceed8db88952ec446f79b8534cb397be34bbbaf4426bebdee9a1e60a989426bc65ab43133e390d686e776780ff6366a01bf7f4f473fe

  • SSDEEP

    49152:Qoa1taC070dlHfkyB5dOO44RVkRwM58Mr:Qoa1taC0CfkO5dQykwfS

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2c84b5460d6aa8f6aba79a1fe14549e8.exe
    "C:\Users\Admin\AppData\Local\Temp\2c84b5460d6aa8f6aba79a1fe14549e8.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3836
    • C:\Users\Admin\AppData\Local\Temp\53DD.tmp
      "C:\Users\Admin\AppData\Local\Temp\53DD.tmp" --splashC:\Users\Admin\AppData\Local\Temp\2c84b5460d6aa8f6aba79a1fe14549e8.exe EA1BDD54AB9C00DDBD7CAFB8990E728BF46E312BE9FFF08916A02243BEC9A26AD9EE9AFA08231615369D5314E09D959EC05BB4B2F07E6BD07D2EC6CD469393CA
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\53DD.tmp
    Filesize

    1.9MB

    MD5

    adc43408483c2289aa63d6aa987a775d

    SHA1

    4d11aca3c4d3a00d408ea8a114e64298c7059403

    SHA256

    6897b0349958a40d44ad544ad25d53a375d6fa1a3dd3b49adf1987b1530d4af7

    SHA512

    b48b911ccc672d1b412f8a34add7d80c648019943b145b55c9ad3b5f832cf7f27208ef7fbbf7574fd7e2f7bcbce598403b0ba7805b13098984562a0dc154b3b4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\53DD.tmp
    Filesize

    1.3MB

    MD5

    f172807b8517e40164f2d66e85e22b9f

    SHA1

    93d074595170ffc87f439f58a28810bfb708644b

    SHA256

    7a756b2106e7f835a89f75267db614f3e3f169cb43f7ae8ce03f216a4df43c2f

    SHA512

    dd986e9630952eda80debb6d09bb7bb851629c3529c7aacd46044fef4b4801265e8aa6172421af5b2aa13c90cdbc312075ec876a5fd4d5231deae665cf1ecc15

    Download Submit

  • memory/756-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3836-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download