Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

41f2fe6009...7f.exe

windows7-x64

7

41f2fe6009...7f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/01/2024, 01:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    41f2fe6009441804e7368bcc5f00d47f.exe

  • Size

    2.7MB

  • MD5

    41f2fe6009441804e7368bcc5f00d47f

  • SHA1

    d49ebb4ee7c2bf38030a0f23cc655380446b9c8c

  • SHA256

    f809dfd68b236e19503d5d1f28fe2e4ddf3fb1488dfcd352e8f9ed8ef21e2bc4

  • SHA512

    0bef96bb9c30bd75bd8acefa64c44b6f9d51f90b14c74950baf4bdf9d04425ae647ba7e5d49e957eb210bdee6d883922846e5f5281c71ccb898e07d18c102b32

  • SSDEEP

    49152:5awRLbpEtTYMWegQpQukSVrtoI2etch+ocWurm+u/bQf0qPWoinXBgJ:QwZbpOT/KuvOI2wocLu/b5ZTRgJ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\41f2fe6009441804e7368bcc5f00d47f.exe
    "C:\Users\Admin\AppData\Local\Temp\41f2fe6009441804e7368bcc5f00d47f.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3584
    • C:\Users\Admin\AppData\Local\Temp\is-4RLB0.tmp\41f2fe6009441804e7368bcc5f00d47f.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-4RLB0.tmp\41f2fe6009441804e7368bcc5f00d47f.tmp" /SL5="$800DE,2392013,54272,C:\Users\Admin\AppData\Local\Temp\41f2fe6009441804e7368bcc5f00d47f.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1800-7-0x0000000000590000-0x0000000000591000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1800-37-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/1800-40-0x0000000000590000-0x0000000000591000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3584-2-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/3584-0-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/3584-36-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download