Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

454701206c...31.exe

windows7-x64

7

454701206c...31.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/01/2024, 04:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    454701206c7cb270ec5736814e372631.exe

  • Size

    1.5MB

  • MD5

    454701206c7cb270ec5736814e372631

  • SHA1

    ddc972a4eddf0138dedf5649c0c7205e4506355d

  • SHA256

    e9f5d383cc4bfdc01233e4f54a12cdc52d37b870da0d98628fec832ff215b057

  • SHA512

    27934b55442da5789717ec3afa7c92268c511c00d8135492cb4211413b36e509d114169a5e9f46c1b001eba90b154f4f824a51aae6179949c27a25e0bec4a4c1

  • SSDEEP

    49152:lrq0R07QQmRr7g+zAivrHDoDNAj886vx/:hq0+7uPg+zAEDnw86F

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\454701206c7cb270ec5736814e372631.exe
    "C:\Users\Admin\AppData\Local\Temp\454701206c7cb270ec5736814e372631.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3516
    • C:\Users\Admin\AppData\Local\Temp\49EA.tmp
      "C:\Users\Admin\AppData\Local\Temp\49EA.tmp" --pingC:\Users\Admin\AppData\Local\Temp\454701206c7cb270ec5736814e372631.exe 7C527CD0B225B81BC0B2D28E9D0F9C5A2A0FC140D7042B290A5B933E830B3DF157EE858650B492274E7C99058ED5372B7B3C8CAFC33EF3CB794E5B11F811D422
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:5024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\49EA.tmp
    Filesize

    833KB

    MD5

    c68875c591909119179123fadfb71ce9

    SHA1

    b9d5f8602ee233c19830138a499b1b2894d368e1

    SHA256

    69cbe20e3a1ccfd07d884ac6fcb5675bef656e29d7a41f1c7d84179cecdba319

    SHA512

    4294c8c01f5cdacd305c70742484f6f436fae73221aea85cda4258fcf8911a4765f3718ecd8ae2c1d42229047001cde48faef052072b046292018c5d0b101eb9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\49EA.tmp
    Filesize

    822KB

    MD5

    253aad04ce3a66ddce88f8b6e38bed82

    SHA1

    6bfff150d6392ed576e5a869d104243bdf4a619e

    SHA256

    d92e4877cc6581cca98c8f38c7bbd513d1292fcae6502a55011d59f127a41ef7

    SHA512

    ab5026522434dbf197e466d8feae2f0f7ce2a8ee53352625b03c4ca59f21fa449ca3d5626a8a55837726003e885d349ddafb66241fbe8c9434e132f71d3c51b0

    Download Submit

  • memory/3516-0-0x0000000002B70000-0x0000000002BEA000-memory.dmp

    Filesize

    488KB

    Download

  • memory/3516-1-0x0000000000480000-0x000000000064E000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/5024-7-0x0000000000D40000-0x0000000000F0E000-memory.dmp

    Filesize

    1.8MB

    Download