Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

3f29b2acad...c8.exe

windows7-x64

7

3f29b2acad...c8.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/01/2024, 22:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3f29b2acad26288bc4fb5e5d6455d0c8.exe

  • Size

    6.6MB

  • MD5

    3f29b2acad26288bc4fb5e5d6455d0c8

  • SHA1

    37aac9ded6bdde255b505b1e75a46912b1887578

  • SHA256

    4fa13c7aaec43fb4c26709239f0f996e363bb8ac0f284d36f6b16295302ec064

  • SHA512

    a0a6322ac90ce4f227c19588618376bd026b7becec96262aa3d379b9790639f861f77ed63467d7f420ef85894a60f857753be86a284155d8ea4995e8ed710a60

  • SSDEEP

    196608:dePaCsXDjDyf6L2WliXYrHW1L/NTEx5uBK:QPaCEDVL2ciIrHWR/NTEq

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3f29b2acad26288bc4fb5e5d6455d0c8.exe
    "C:\Users\Admin\AppData\Local\Temp\3f29b2acad26288bc4fb5e5d6455d0c8.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1160
    • C:\Users\Admin\AppData\Local\Temp\3f29b2acad26288bc4fb5e5d6455d0c8.exe
      "C:\Users\Admin\AppData\Local\Temp\3f29b2acad26288bc4fb5e5d6455d0c8.exe"
      2⤵
      • Loads dropped DLL
      PID:1380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI11602\VCRUNTIME140.dll
    Filesize

    94KB

    MD5

    18049f6811fc0f94547189a9e104f5d2

    SHA1

    dc127fa1ff0aab71abd76b89fc4b849ad3cf43a6

    SHA256

    c865c3366a98431ec3a5959cb5ac3966081a43b82dfcd8bfefafe0146b1508db

    SHA512

    38fa01debdb8c5369b3be45b1384434acb09a6afe75a50a31b3f0babb7bc0550261a5376dd7e5beac74234ec1722967a33fc55335b1809c0b64db42f7e56cdf7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI11602\_ctypes.pyd
    Filesize

    124KB

    MD5

    7322f8245b5c8551d67c337c0dc247c9

    SHA1

    5f4cb918133daa86631211ae7fa65f26c23fcc98

    SHA256

    4fcf4c9c98b75a07a7779c52e1f7dff715ae8a2f8a34574e9dac66243fb86763

    SHA512

    52748b59ce5d488d2a4438548963eb0f2808447c563916e2917d08e5f4aab275e4769c02b63012b3d2606fdb5a8baa9eb5942ba5c5e11b7678f5f4187b82b0c2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI11602\base_library.zip
    Filesize

    763KB

    MD5

    bb1ae30e6f340dd56126dd894b4b7dc3

    SHA1

    7f0965aa3670310b54a84ebf8a0dbc11ba0f0e3c

    SHA256

    a48ed5da783eb02b9efe3d5b466bd6aab4a9b65f09f6eae8e6a6a127656a5b5e

    SHA512

    1b4312d4862fba4846d2274a0aa09a97f2df5fa5052a2827c356a81100336331067d2ac132666bccf379cfdd07dab50db8e48a1a201698c716d96e5fd15440b7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI11602\libffi-7.dll
    Filesize

    32KB

    MD5

    eef7981412be8ea459064d3090f4b3aa

    SHA1

    c60da4830ce27afc234b3c3014c583f7f0a5a925

    SHA256

    f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

    SHA512

    dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI11602\python39.dll
    Filesize

    1.4MB

    MD5

    4e94fc8625b0211a91e23b4cb8e78b88

    SHA1

    2ebb0ea17d4c2bdb35bdfdad907bdad2a66381b4

    SHA256

    654da4baa463d9d37793aaa12cc4a4bf0e08f29f6c504507feab1b33cc5d2b3e

    SHA512

    97db6cf1aea27e77ad6e590974d504bb6df9a3f2fe2d7dd57be6e194fcb24bedb6c9f8964d2f30a1e764c78bc7496c122833fc89602a1aced8f060ada4548e33

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI11602\python39.dll
    Filesize

    1.4MB

    MD5

    7d099978f34ed04893ef02e587ad4f1e

    SHA1

    2cae74cfbeea2c9e18a660155bbeebc5128a5291

    SHA256

    f5a6652078d39568d924811eff3fc99a33b685388569a6d6f4ef4d3d6f7a0c2b

    SHA512

    0e4c280e9dc6b763d26e2242a85e96d85ff3d61322e330c7a540e6167e05f8def8a2c2e074200966e79a47cd9af0a1d6f954324be5c62a9d21949e0e11565d99

    Download Submit