Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

407157a04d...6a.exe

windows7-x64

7

407157a04d...6a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    04/01/2024, 09:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    407157a04d6dfc0d979119001083d46a.exe

  • Size

    744KB

  • MD5

    407157a04d6dfc0d979119001083d46a

  • SHA1

    e755e4e8ce0ec458e6623977def3a6c36832aab6

  • SHA256

    e46878754e0604bfbd8cd833359421508c245c97947c407c092064980e4db6d3

  • SHA512

    f9aa416795f4e83a7b48e45d6f52e3ea5d3b6d783e8731748dfaed8c5960105fc80081f50928a1cb8883d9b0784f600eb88d31537329e10b8e6fb15705046550

  • SSDEEP

    12288:uaHc64b888888888888W888888888889jscV7TdjL47zdU5imqsX3sv33rD+zG/A:F86IIW7uvmQBsHUezG/aYFkJR30F6rpB

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\is-9K7S4.tmp\407157a04d6dfc0d979119001083d46a.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-9K7S4.tmp\407157a04d6dfc0d979119001083d46a.tmp" /SL5="$4001C,371795,121344,C:\Users\Admin\AppData\Local\Temp\407157a04d6dfc0d979119001083d46a.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2400
  • C:\Users\Admin\AppData\Local\Temp\407157a04d6dfc0d979119001083d46a.exe
    "C:\Users\Admin\AppData\Local\Temp\407157a04d6dfc0d979119001083d46a.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2252-2-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2252-0-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2252-10-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2400-8-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2400-11-0x0000000000400000-0x000000000052E000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2400-14-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download