Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

5b400f024b...f0.exe

windows7-x64

7

5b400f024b...f0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/01/2024, 12:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5b400f024ba11a2b96a493178a3785f0.exe

  • Size

    994KB

  • MD5

    5b400f024ba11a2b96a493178a3785f0

  • SHA1

    99b10077bb9b55232225f388c83b23bf17406a98

  • SHA256

    ff4e18bac71a13a37d1c996771f617215a78ecae5e3ad61dc9ca4e5b27447033

  • SHA512

    42b425edac53437599e7a01c4e17d7e121b1fe7d6986fbea2450bf7bfba2f19fd65c6ef92b89646722eaca0e632e43c4bfe9275a978eefedb3c889fd53b32951

  • SSDEEP

    24576:dgdhhQGGniba/WPpuvlBEaneHueYQFSMVp3aUfV:dqj5s8+elYQFSMqQ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5b400f024ba11a2b96a493178a3785f0.exe
    "C:\Users\Admin\AppData\Local\Temp\5b400f024ba11a2b96a493178a3785f0.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:804
    • C:\Program Files (x86)\cs\zf.exe
      "C:\Program Files (x86)\cs\zf.exe"
      2⤵
      • Executes dropped EXE
      PID:208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\cs\zf.exe
    Filesize

    1008KB

    MD5

    9f82b94846943a92fd5d22c38de567ba

    SHA1

    958e09e34fcce10e14d97099cbe46e7ff7d9060b

    SHA256

    91bd1f76f5fb6aac3452ee79d04b508fa09e8879237f3567f32d8df00c9922b7

    SHA512

    026f49e29b35af4e36a9c9e76f6aa833078beeb5c4909dd004899e63b52ff29dd6e0a339314db1c42bc8406b10895a0eae5d4c24f2b0341ca27120416cc4b329

    Download Submit

  • memory/208-5-0x0000000000400000-0x000000000045A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/804-3-0x0000000000400000-0x000000000045A000-memory.dmp

    Filesize

    360KB

    Download