Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

3bed17a377...ce.exe

windows7-x64

7

3bed17a377...ce.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    175s
  • max time network
    189s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/01/2024, 04:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3bed17a3773a209f87e78a916f0c43ce.exe

  • Size

    126KB

  • MD5

    3bed17a3773a209f87e78a916f0c43ce

  • SHA1

    729da5748892da538527377c49db04631b16c2d1

  • SHA256

    c1b16b4256b3e0eed31bafbf753bb8ce2b04ba136438564c556d3253a8e5ccf5

  • SHA512

    bb2287edbee73600381d1849949adb26a353341bb42a1da21e005462a1ddeae3b8775298c33ec751e28e0cccccb6927e22b3df01a19b5681820e959ee684c72f

  • SSDEEP

    1536:nezSCticukPPzXnvnk0md41mLBVLjVRpdzmc0VkPDY/7noK:e2CqkPr80mu1m3jXzUnoK

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3bed17a3773a209f87e78a916f0c43ce.exe
    "C:\Users\Admin\AppData\Local\Temp\3bed17a3773a209f87e78a916f0c43ce.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:4224
    • C:\Windows\SysWOW64\MsaShshaield.exe
      C:\Windows\system32\MsaShshaield.exe
      2⤵
      • Executes dropped EXE
      PID:2400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\MsaShshaield.exe
    Filesize

    82KB

    MD5

    a9b8ec2b85edf4819281a0ccb833e2b3

    SHA1

    1d8aea2229a859ede64400e9c05544c5d0494f57

    SHA256

    aef1faf46147d17bd5fc53b390c49a33f8dbbc1dd85405b39f3e891ec2fb6f6f

    SHA512

    de2ea468cde84c2081edc1f7c8e896ae901e3bdc9e5951c2ab670b3012825b780853e9e22c9bcb683e44010b76dbb9cc48d34cb05eba0712e422c0fb08d0c667

    Download Submit

  • C:\Windows\SysWOW64\MsaShshaield.exe
    Filesize

    16KB

    MD5

    84c8d21fe38d085a11ed5748c9cae06c

    SHA1

    51667972236426a44beaa3e2a352ddf5ecd17080

    SHA256

    246a9d8f68265cd8066ff6940ec53e09c4efb0943f579a23f1480eedf5f99e85

    SHA512

    8d18ade88339cbf224ec65f8c59e8e2890dbdb5414a0ec83280acf671dce60652c96930f38f53602d1f3097b39124620515a325b8bb220e35c919652e8e2fdba

    Download Submit