Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

4532268de4...6c.exe

windows7-x64

7

4532268de4...6c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    06/01/2024, 03:45 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4532268de407e274db6a5ec3792e0a6c.exe

  • Size

    1.9MB

  • MD5

    4532268de407e274db6a5ec3792e0a6c

  • SHA1

    e431e9a9e08f2dfcfc8768a5e73f1e6057f555f4

  • SHA256

    ed7f82a73d8b43a9e5042bb5ca6880ec7fd6923f6d135b7363e627e6a02461f5

  • SHA512

    59bd251a050c652d17d62157f86130b99e1c543bdd63936d87c54800cfd64ce647a7cc03b02a8da9c062720860341f42fb37e63e0c9d9ef86390def0bc435da4

  • SSDEEP

    49152:Qoa1taC070dvxjwjrlYq+OFMlK3wkrktfaktKxKc6e+8vQ9:Qoa1taC0OJwj+q+OFMlK3UtfajxKm3v+

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4532268de407e274db6a5ec3792e0a6c.exe
    "C:\Users\Admin\AppData\Local\Temp\4532268de407e274db6a5ec3792e0a6c.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2436
    • C:\Users\Admin\AppData\Local\Temp\47BA.tmp
      "C:\Users\Admin\AppData\Local\Temp\47BA.tmp" --splashC:\Users\Admin\AppData\Local\Temp\4532268de407e274db6a5ec3792e0a6c.exe 0F546996AE5F8B82A1251F2D584D559B669847DCAE86B30519C3E9B4D488C315F8800D22E6253173718F5158889D110A9037901B47361FBCED93A46C7FD5EA72
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\47BA.tmp
    Filesize

    49KB

    MD5

    463fc3a5073fac6bbba9b8758ea0040f

    SHA1

    4dbfd1565bd0aa9fcb73a42338b3e14c205a6e3d

    SHA256

    43c1cacc6697e688f8e9218fb0b80fec3a2c2ae6dd433d38f4a077b7383fc21c

    SHA512

    eeab0b249f5da5544e9d0666f3a6dd8b9f2f6f7e3b15bdb175413a1d60ac0bc8b79563d2ac0f0f04265fcbb3ce9100cffff3b7f6e0f2a192c48fb60f952fa74d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\47BA.tmp
    Filesize

    41KB

    MD5

    5c6502cd6088976ccda2de4da61cf38c

    SHA1

    d985eb57cc807e3d3465ecad8357b44d4f49b5cb

    SHA256

    fa54348206a1269584785c057c64542d17c52e52d618e4cedf7fca259a5b20dd

    SHA512

    bf2610cf928550e2708e1fdc89a3ef4bd085338705b271431a350ed311aba64814d0c4be54471e2b22989f494ec6b71c76e4e64925d330317cc1a666791d8f82

    Download Submit

  • memory/1268-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2436-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.