Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

51fd50df40...71.exe

windows7-x64

7

51fd50df40...71.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    11/01/2024, 00:03 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    51fd50df40d19d13b412383197889471.exe

  • Size

    209KB

  • MD5

    51fd50df40d19d13b412383197889471

  • SHA1

    67a8984b803f9543de5307d04381bf378675b138

  • SHA256

    e5e8b1217cac444e0f89a69c678a0687a25a4dbdcc63a102b4e675944b97d469

  • SHA512

    14248e5cc0d24aa33bb679a39300c64c35c08f1a22a763a8f96ee063af152c74220e24237b0a57c2a20b9ad76df01e88fb636a7cc9f0dd7288aff69006c78ab8

  • SSDEEP

    3072:FldnAR6Ox0hqHb04xgQW2XGjrfWkv7gVyEW8947OhYCHGXODvjLiOoRda1E/ejuK:FlddzozE2XGjrWD7bubC6273E/kEl

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 6 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save ose00000.exe.com -include s.dll -overwrite -nodelete
    1⤵
    • Executes dropped EXE
    PID:2180
  • C:\Users\Admin\AppData\Local\Temp\19C8.tmp\mpress.exe
    "C:\Users\Admin\AppData\Local\Temp\19C8.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe19C9.tmp"
    1⤵
    • Executes dropped EXE
    PID:2604
  • C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 51fd50df40d19d13b412383197889471.exe.com -include s.dll -overwrite -nodelete
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2744
  • C:\Windows\SysWOW64\cmd.exe
    cmd /c ""C:\Users\Admin\AppData\Local\Temp\1999.tmp\vir.bat""
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2660
    • C:\Windows\SysWOW64\calc.exe
      CALC.EXE
      2⤵
        PID:2832
    • C:\Users\Admin\AppData\Local\Temp\51fd50df40d19d13b412383197889471.exe
      "C:\Users\Admin\AppData\Local\Temp\51fd50df40d19d13b412383197889471.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:1936

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1936-0-0x0000000000400000-0x00000000004BF000-memory.dmp

      Filesize

      764KB

      Download

    • memory/1936-107-0x0000000000400000-0x00000000004BF000-memory.dmp

      Filesize

      764KB

      Download

    • memory/2604-69-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2604-74-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2744-68-0x0000000000650000-0x0000000000684000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2744-66-0x0000000000650000-0x0000000000684000-memory.dmp

      Filesize

      208KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.