Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

64b5a5e585...66.exe

windows7-x64

7

64b5a5e585...66.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    138s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/01/2024, 06:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    64b5a5e585d63ae518ffd1ec9c16df66.exe

  • Size

    2.7MB

  • MD5

    64b5a5e585d63ae518ffd1ec9c16df66

  • SHA1

    dd6b3129a10e30afe89380631ea090547d02f1d3

  • SHA256

    a86a15efeb1d4a0e6397abcb8212bc46e57c65d1fc7ce354f09069914c3a03cc

  • SHA512

    c190aa3d59783782c2048c3cd6870b65be795c0d66e90e7ddd8e0da547b5f329da75640330c9d44b32f7245e6a83acb91dc4222e03bff3ecf29d85fb652ba7e8

  • SSDEEP

    49152:ptiKzr3J318D0PNcW51oyzsTcM9BtN74NH5HUyNRcUsCVOzetdZk:tbYD0P+W519zcciBt4HBUCczzMO

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\64b5a5e585d63ae518ffd1ec9c16df66.exe
    "C:\Users\Admin\AppData\Local\Temp\64b5a5e585d63ae518ffd1ec9c16df66.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3924
    • C:\Users\Admin\AppData\Local\Temp\64b5a5e585d63ae518ffd1ec9c16df66.exe
      C:\Users\Admin\AppData\Local\Temp\64b5a5e585d63ae518ffd1ec9c16df66.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\64b5a5e585d63ae518ffd1ec9c16df66.exe
    Filesize

    2.7MB

    MD5

    354c32f91c62c3ff6d67f2c42c0e4a83

    SHA1

    15e3c2b9a6ce6b881f3aa123f09aba3f9f43d3e1

    SHA256

    ee94fac95a1d3ff9012d3b5f36d14d3c606c6620e52b12ccdcb74508b7ba0fc7

    SHA512

    9b2d54495bff5c09e628a400a6a3217ab5adf5d8f34fb958edec10e203c06c5303af3749c49cea771745848b0adb0b4d981477ffa5a144e903ebba2e8422afee

    Download Submit

  • memory/3892-13-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/3892-14-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/3892-15-0x0000000001DB0000-0x0000000001EE3000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/3892-20-0x00000000056B0000-0x00000000058DA000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/3892-21-0x0000000000400000-0x000000000061D000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3892-28-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/3924-0-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/3924-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/3924-2-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/3924-12-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download