Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

521eb8675a...cf.exe

windows7-x64

7

521eb8675a...cf.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    11/01/2024, 01:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    521eb8675a2b7e0c8872a0a71e9651cf.exe

  • Size

    1.9MB

  • MD5

    521eb8675a2b7e0c8872a0a71e9651cf

  • SHA1

    bc2dc6ebc59b76299fbf8bcc20226a7451ae813d

  • SHA256

    96ff6650e3a460f142977e02979b0402b65623d89c6b65383ff739712233be96

  • SHA512

    9a814e4cc75c8df243995c036df3d36f34fe05699ddb472392c9fdc2074fbcb4bda0f9ad7df2430c5d399746a4dc6f379a3dafdd780ba80b01afbcb79b12f633

  • SSDEEP

    49152:Qoa1taC070drLCfyGO0koVI7JkFsCnP+44fMu:Qoa1taC0ML68KykOCnW440u

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\521eb8675a2b7e0c8872a0a71e9651cf.exe
    "C:\Users\Admin\AppData\Local\Temp\521eb8675a2b7e0c8872a0a71e9651cf.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2520
    • C:\Users\Admin\AppData\Local\Temp\18ED.tmp
      "C:\Users\Admin\AppData\Local\Temp\18ED.tmp" --splashC:\Users\Admin\AppData\Local\Temp\521eb8675a2b7e0c8872a0a71e9651cf.exe 72FFB773C900BFE1762BDE054617FA192FB4EF43AA07F7619AB90F9D5DB31E3573893B92EFBBE7E2F904487769CB954EC11278C868CAAEE22E2387109DB9ABB3
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\18ED.tmp
    Filesize

    383KB

    MD5

    8a5d601994ced72cbfa428d8f347c0dc

    SHA1

    86efd5eddd7606977df5800b34b9238a258eb507

    SHA256

    b1de9a4fe59b866f88136045f597e399d236e8998c443d0fa821f4e53d693d70

    SHA512

    668d3e2f47490bc7b18a00c1d5dc2158f43010c7f854912c7fbae840099a5e657a7033fd7d853a6c864610f8babb02f48bffa5e65cda23fb82b803344e407cbc

    Download Submit

  • \Users\Admin\AppData\Local\Temp\18ED.tmp
    Filesize

    235KB

    MD5

    1c91809e5119aa991be21394c55b7a47

    SHA1

    38d0085f4dc5565bc5b748317613fbe80b2f2812

    SHA256

    cb575c6ac08e54e1c1d818094b10732ffa1eaea1c87922a34310c43a48f72d9e

    SHA512

    7bd0564415e4a6bbf1df71c678bfa7936da78e7ece0d39269658051a87e7b30dcbf5e57d4fea638d8c40b82befda440f4e8cbddd6b5b429eeec68b20c0d8997a

    Download Submit

  • memory/2504-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2520-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download