Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

645ba00dec...7e.exe

windows7-x64

7

645ba00dec...7e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/01/2024, 03:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    645ba00dec0fa5c41d8037fe949e9e7e.exe

  • Size

    1.2MB

  • MD5

    645ba00dec0fa5c41d8037fe949e9e7e

  • SHA1

    34c45cf4d6155045ff5119d53967cb3e88043495

  • SHA256

    5b8f1e1b9c475e7d6b1683de78306a3c11be7f96af1716ab5684414bfeefe195

  • SHA512

    c1775adfdd2b5bd59ad0cbb66b51067c332f85e49bb164df36371fe261b13400a8db92a9ca35bafaad4a45d282fa00035a04a0847d3f3964da987995fe89a278

  • SSDEEP

    24576:82UFtkhzcInc8Ipyzw3H20lL25G8/UTryECpwAPnuo+y7Ka+LIZ+F/:82kkCIncXEzuFpQGcUTrBaIM7KyQZ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\645ba00dec0fa5c41d8037fe949e9e7e.exe
    "C:\Users\Admin\AppData\Local\Temp\645ba00dec0fa5c41d8037fe949e9e7e.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4124
    • C:\Users\Admin\AppData\Local\Temp\is-31NQC.tmp\645ba00dec0fa5c41d8037fe949e9e7e.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-31NQC.tmp\645ba00dec0fa5c41d8037fe949e9e7e.tmp" /SL5="$601DE,1016276,54784,C:\Users\Admin\AppData\Local\Temp\645ba00dec0fa5c41d8037fe949e9e7e.exe"
      2⤵
      • Executes dropped EXE
      PID:2084

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-31NQC.tmp\645ba00dec0fa5c41d8037fe949e9e7e.tmp
    Filesize

    670KB

    MD5

    516247fd8f1c4a85d33c7aaeb3c0cee4

    SHA1

    86495cd2ee413a7eeb45221f582a28a8cc8435b1

    SHA256

    44d61039358e3f53da33a672f88a6fcdc3fada2e8a11a442f84ce18e6cc0ac06

    SHA512

    5fe9cb6c263b902291a3b4cbc30884d8c1a56b900b67778d698fad231e75137f71a9ee0ce3b01caa3b25a23a251b2104213645f2e6015e72ec3833aa25d1e27a

    Download Submit

  • memory/2084-7-0x00000000007A0000-0x00000000007A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2084-14-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2084-18-0x00000000007A0000-0x00000000007A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4124-0-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4124-2-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4124-13-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download