Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

447ddb67b8...b3.exe

windows7-x64

7

447ddb67b8...b3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/01/2024, 01:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    447ddb67b81d87351fe15e3795671eb3.exe

  • Size

    5.3MB

  • MD5

    447ddb67b81d87351fe15e3795671eb3

  • SHA1

    5683ea1a0759c49ef71f0cac438b56fbeab441c3

  • SHA256

    fa07a70bb42555359af37ac8ed3c5b29dda6a6f337bd43fc0995fc52eda7e820

  • SHA512

    a0b3e8d12a186835592c37251764742766223900df42f75ae3db0f41127f41dd12c3a4053cb65b17e404d2c27895ea1c004a3f6538b1e18ca10e7840e5cafd65

  • SSDEEP

    98304:WO9r5WE6DHktBcwQDM2YIDULHl2Qk325klqR9wtlHktBcwQDM2YIDULHt:/r5WE0schDHIFhFX9wXschDHIN

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\447ddb67b81d87351fe15e3795671eb3.exe
    "C:\Users\Admin\AppData\Local\Temp\447ddb67b81d87351fe15e3795671eb3.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:5088
    • C:\Users\Admin\AppData\Local\Temp\447ddb67b81d87351fe15e3795671eb3.exe
      C:\Users\Admin\AppData\Local\Temp\447ddb67b81d87351fe15e3795671eb3.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\447ddb67b81d87351fe15e3795671eb3.exe
    Filesize

    92KB

    MD5

    17031a5cc7920c3a138ff6b61d486a5a

    SHA1

    6ee4c92802f6a7e3e828ca9a416ce25094fd7f80

    SHA256

    06cc8280ba0ab8fec8b6a90861b58590fdd9ec33d1a8295083c569a99b2ed76c

    SHA512

    886f362d1c893abde37b0c84ce93bfa2851bc4a4d9d2474b6668e0a25e125cd584c00c48ed846b6961433afa5ab7cfa5211aec1eb19ce3ad189a5b32e1fa9b17

    Download Submit

  • memory/4536-16-0x0000000000400000-0x00000000008E7000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/4536-13-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4536-21-0x00000000055F0000-0x0000000005812000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4536-20-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4536-14-0x0000000001D00000-0x0000000001E31000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4536-28-0x0000000000400000-0x00000000008E7000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/5088-0-0x0000000000400000-0x00000000008E7000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/5088-2-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/5088-1-0x00000000018F0000-0x0000000001A21000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/5088-12-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

    Download