Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

656df264bc...b8.exe

windows7-x64

7

656df264bc...b8.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    18/01/2024, 12:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    656df264bc16a3c58958700e1b45e7b8.exe

  • Size

    1.9MB

  • MD5

    656df264bc16a3c58958700e1b45e7b8

  • SHA1

    01d12811a78dbc0860b4da2c1fde718155b89318

  • SHA256

    13dc4eb8953ceca2ca5c954a380823686c6ef9062fbb186c2d41bdd5eedd7ae2

  • SHA512

    0ca0b47dacccaa4b9929520eff6cd6a3b280445b77543f9a960b31c2523d4b1fc904e64c1c83dfa7e269d92f9816b2e57a65e57d27348b44a3dfb0b44afcda01

  • SSDEEP

    49152:Qoa1taC070dBfbL2/PYwwvxTGpi5QE+NNAotNiB:Qoa1taC0WewhxTCxNNAoCB

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\656df264bc16a3c58958700e1b45e7b8.exe
    "C:\Users\Admin\AppData\Local\Temp\656df264bc16a3c58958700e1b45e7b8.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2888
    • C:\Users\Admin\AppData\Local\Temp\A1E.tmp
      "C:\Users\Admin\AppData\Local\Temp\A1E.tmp" --splashC:\Users\Admin\AppData\Local\Temp\656df264bc16a3c58958700e1b45e7b8.exe 292E890F87EE63FC35185C6DD11B07713102BD8EFA29189AB089C29DE5ED2ECB90235166EBA09196AE12CEA89DFAA9DB45DBC3115025368686BDBDB544177A08
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\A1E.tmp
    Filesize

    929KB

    MD5

    6bf7b705bb428420b951273f15f8e36f

    SHA1

    1a34e505764fc2a3f868705e2dad45b97817d746

    SHA256

    422df9af0b02a8be08302fb3aaf37ef804e6dbbc82cb79797132cf1810229095

    SHA512

    21d6b527ddeb3ed8360fcd2899175cadfdd76fd5f7d44ec4fc963c274e9c648002e93db8d387d7dad258fd4383eccd7aff062ac29a0d8e9525732a4f7d95b889

    Download Submit

  • \Users\Admin\AppData\Local\Temp\A1E.tmp
    Filesize

    659KB

    MD5

    62f712b14b93aa02d73a59f5ecde6637

    SHA1

    f6321e12a07443a59dc938cff35afa1a91f05501

    SHA256

    21f98e415832ee6697ad2ada2cff618f0c270a56f5a3e66215556d764911cc5d

    SHA512

    2b8ec45f6af582161375ad6608657d51deed410b050f648757aec929649b8aec4061cc4e3da981612cb69643fc2253926f64a0efd08e58740ae7f1445d99707b

    Download Submit

  • memory/1096-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2888-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download