Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

5aa0d047d5...ee.exe

windows7-x64

7

5aa0d047d5...ee.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/01/2024, 07:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5aa0d047d549c9e84d0f157b4846fdee.exe

  • Size

    1.9MB

  • MD5

    5aa0d047d549c9e84d0f157b4846fdee

  • SHA1

    850ec23e69bd2d43c7cc470aa431120623f4f0b3

  • SHA256

    3239f73461ff05b9f4518dd124e7d61c1650aff55ccdb4ce528f08cda8dcdf89

  • SHA512

    654e1400f959c5ec6baab5cabe38d89c6a5488bfb152f17e3a6657cb3ef2916538c5f9385aa1be00c2c9f789ed339ab595c3269886f48157f94f6cdf8246c6d3

  • SSDEEP

    49152:Qoa1taC070da6ISdMpLv2PxuWR0R6r90fQzb:Qoa1taC0PASsxuyAE

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5aa0d047d549c9e84d0f157b4846fdee.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa0d047d549c9e84d0f157b4846fdee.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1856
    • C:\Users\Admin\AppData\Local\Temp\4585.tmp
      "C:\Users\Admin\AppData\Local\Temp\4585.tmp" --splashC:\Users\Admin\AppData\Local\Temp\5aa0d047d549c9e84d0f157b4846fdee.exe 5CDAD52176F5095CAAD58CD163C864317A35262CA4F2EC4B3018F47BEB99126D1994661CB604FEA6585231D0A798983E8910D32C21FABF669DC74E38CEFA96B6
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4585.tmp
    Filesize

    1.4MB

    MD5

    43ef7f96898288f804ec15269b66d270

    SHA1

    351770360d1fbdf96cd78ad80e02f5fd7c3b30dd

    SHA256

    62848d2b8a7260162220115c42961dc5d53b21d6a888e46d984815792ffb589a

    SHA512

    4d8e24cd1328d1903573640ff689895fe92dcf15f03453b84c6bfc72b1ea962900c157cb24236cf30f2f6edc1bf13ab838a7b7e4d20a0bbbbe700ef65716737d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\4585.tmp
    Filesize

    832KB

    MD5

    33e572231d6b6e47286afee543adac11

    SHA1

    6d780d3ca48d014fa3e163aec3a3fd8e330d7acd

    SHA256

    afe88c623dad0b62a25b36d3c38b66509faf5be0a517fab2e5ab64c33677fccb

    SHA512

    93a09f65935f5d6d06f6595d6fa8432a025f70986f5c470e7e87e1b44350bc2b0de18c945962b47540a57eadb4042ef57cbf959d0c6c6d793de2f249585c609f

    Download Submit

  • memory/1856-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3200-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download