Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

4410ffa5c7...95.exe

windows7-x64

7

4410ffa5c7...95.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    152s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/01/2024, 17:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4410ffa5c7e5202de8979df0b711dd95.exe

  • Size

    3KB

  • MD5

    4410ffa5c7e5202de8979df0b711dd95

  • SHA1

    c5c02162b2c337056bea2f55fa5ac09982bda24b

  • SHA256

    f46f7d0f440d0a3fbc1f518762ac2f92832f0ea037457bac97009e91ecd602cd

  • SHA512

    d29a1074fedcc392f4e5bb6450a989eb4059ce36d456b6d63d9d3e53a150a1b1bda0c37584ee8498157817de8092dc4f346079adedd1157b8fd094b5bab29e8b

Score
7/10
persistenceupx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4410ffa5c7e5202de8979df0b711dd95.exe
    "C:\Users\Admin\AppData\Local\Temp\4410ffa5c7e5202de8979df0b711dd95.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:4824
    • C:\Windows\SysWOW64\RUNDLL32.EXE
      RUNDLL32.EXE mega.dll,Start
      2⤵
        PID:1240

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\SysWOW64\mega.dll
      Filesize

      662B

      MD5

      b43775baf31740cf3162d53d9bcddd12

      SHA1

      3697fe5cc28360607164549ded5fb9541f193540

      SHA256

      8a797e9576307d73c2c52d2e601a951af9c6559011492c5403dc897a3d3b0990

      SHA512

      997a2445507263a2bd170a59e03007b9ec460725ecfb60c73896c67052ceea28ef92b0ba1b17c1bb7f20d01e23d9cd7609ceb33152293b24380117e883cb56b7

      Download Submit

    • memory/4824-0-0x0000000000400000-0x0000000000407000-memory.dmp

      Filesize

      28KB

      Download

    • memory/4824-1-0x0000000000400000-0x0000000000407000-memory.dmp

      Filesize

      28KB

      Download

    • memory/4824-8-0x0000000000400000-0x0000000000407000-memory.dmp

      Filesize

      28KB

      Download