Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

41f9bba48d...57.exe

windows7-x64

7

41f9bba48d...57.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    155s
  • max time network
    169s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/01/2024, 21:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    41f9bba48d9ce10cff3c98669ca22c57.exe

  • Size

    57KB

  • MD5

    41f9bba48d9ce10cff3c98669ca22c57

  • SHA1

    78dd45d52f7863225d8859e23d0c4a51d41b14b0

  • SHA256

    af0047c4ee026a29d9da0bf83fb90d92a8599893004842ddde951ad8308afdbb

  • SHA512

    719ae5713d4d3483e218c542b10fefb1c64bbc92f4bac8293a2848761f452cf24a3c798543b37c9a5885d5dfcf29de2bbb285d529bdab1be272703d8c0532f1b

  • SSDEEP

    768:/ddvoW2+hLnBhxszivxOmaelLBsbhrhlP7vMHJhjPBAO3te6J34jd14ZZceengQl:/dz2+hjBISaXVnMb7R9eBjzclJ6ovOH

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\41f9bba48d9ce10cff3c98669ca22c57.exe
    "C:\Users\Admin\AppData\Local\Temp\41f9bba48d9ce10cff3c98669ca22c57.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2004
    • C:\Users\Admin\AppData\Local\Temp\41f9bba48d9ce10cff3c98669ca22c57.exe
      C:\Users\Admin\AppData\Local\Temp\41f9bba48d9ce10cff3c98669ca22c57.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\41f9bba48d9ce10cff3c98669ca22c57.exe
    Filesize

    57KB

    MD5

    4002ab7ded922ff21a9469de3b8bf0ea

    SHA1

    5228702fbb39513328bc37ceb7cb605b97fb8b69

    SHA256

    d0936bcb8674a023aa37fdfb1badc8218870c582cfd127d859d43291a7191a65

    SHA512

    41e2aaa68f6951752736ba04513eae32336a0ba247a28915cf4325af93d296a82414d67fa61972db3e079e479bd96503a106bc45ad5be0fcb919c6ca7f8a1a2c

    Download Submit

  • memory/2004-0-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2004-1-0x0000000001500000-0x000000000152C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2004-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2004-12-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2360-13-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2360-14-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2360-18-0x00000000000C0000-0x00000000000EC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2360-20-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2360-23-0x0000000001500000-0x000000000151B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2360-26-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download