Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

3ce7ffd5b3...54.exe

windows7-x64

7

3ce7ffd5b3...54.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    01/01/2024, 12:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3ce7ffd5b3a31829ffd1bc43f2bfc354.exe

  • Size

    1.9MB

  • MD5

    3ce7ffd5b3a31829ffd1bc43f2bfc354

  • SHA1

    02fe82cabc34260f05a8d4b9698249d96c5e74c1

  • SHA256

    2ab5c94b76bde8085e35165ead9bb86201fa9891f04fb6cbe7c35d97a86a8e77

  • SHA512

    01083379fb1bc28652df1bd6dc469982222f5e233fecc523419eab2de032c4c20d1c8acbdb36b353bf5804ea6ed3eb7c20089ec6118ef819ed8764395decd090

  • SSDEEP

    49152:Qoa1taC070dF6+vwCR4uelNJsG3l1cX1g:Qoa1taC0W6uwCR4uqJVCe

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ce7ffd5b3a31829ffd1bc43f2bfc354.exe
    "C:\Users\Admin\AppData\Local\Temp\3ce7ffd5b3a31829ffd1bc43f2bfc354.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1924
    • C:\Users\Admin\AppData\Local\Temp\842D.tmp
      "C:\Users\Admin\AppData\Local\Temp\842D.tmp" --splashC:\Users\Admin\AppData\Local\Temp\3ce7ffd5b3a31829ffd1bc43f2bfc354.exe 902E18A815323F8A081731549A3669D303A871FA30117C4E9D9D9C705A5106F98F5DE773C2715B9AAD502B30D24FF421EB71E4F178960C8FB19203B1D07E98D1
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\842D.tmp
    Filesize

    481KB

    MD5

    796d9f3f1f0e96beedf498472e782f00

    SHA1

    697ccd0af8debea20b8c6426e2cfd8941a6ee5b5

    SHA256

    c73ce6aeda3516434aba1833c01b44205d3f432af28cf7a87bd8f07120fc6e94

    SHA512

    0948e928ca2ba4e9c88eb61481526e6126428c9f08429def1216dc60f4d139cd3393b26880227f63e233264b49bed2eac1d158e3f5dea6fa1a6d23a2dcd72204

    Download Submit

  • \Users\Admin\AppData\Local\Temp\842D.tmp
    Filesize

    333KB

    MD5

    6c6e88aa08ca961bf8264c85f0d859bd

    SHA1

    79c59abb681e392f1b22bf0b6dcbc707ba082781

    SHA256

    981dad024dce340706e080b455a05b9ead236ef157551c6ad0b6a36b12d9ea4b

    SHA512

    ab6f84a56f2b76040ce99cf8baffe32744c1e99dc42150757f3ff91603652e06c9053914976e8cb5c48a15cac9ac691e3d65b224bfd77a3a259e27016e1a9964

    Download Submit

  • memory/1924-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2156-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download