Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

6fc55a52c6...67.exe

windows7-x64

7

6fc55a52c6...67.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22/01/2024, 15:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6fc55a52c65710d459baad1bb4bf9f67.exe

  • Size

    2.7MB

  • MD5

    6fc55a52c65710d459baad1bb4bf9f67

  • SHA1

    8fd2f3ad14e6d841ff810f5de0af397cae6fcbac

  • SHA256

    265610a14cd084430573f5b38836136eaa697a602acfdd38181f25e29805321d

  • SHA512

    063ea6bc7f92ef1383787adbedf2bbef3e7e8cecd138062fec8546f933b899812fc237fa45181cdd57c247a2051101f5c93d415721fc1c22e55eeb60703d9b39

  • SSDEEP

    49152:Sayd14Z+T5QWSnWJ7HYvbrFtv2LIR9mmp0oQipdAjXyt9/Z+38MBEuHgkNR9j:SF4QNAgorWLIHmmp0oFpoi3/b4EufHj

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6fc55a52c65710d459baad1bb4bf9f67.exe
    C:\Users\Admin\AppData\Local\Temp\6fc55a52c65710d459baad1bb4bf9f67.exe
    1⤵
    • Deletes itself
    • Executes dropped EXE
    • Suspicious use of UnmapMainImage
    PID:2092
  • C:\Users\Admin\AppData\Local\Temp\6fc55a52c65710d459baad1bb4bf9f67.exe
    "C:\Users\Admin\AppData\Local\Temp\6fc55a52c65710d459baad1bb4bf9f67.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\6fc55a52c65710d459baad1bb4bf9f67.exe
    Filesize

    94KB

    MD5

    ba08836ee4e0469c4358e55a580a74cb

    SHA1

    45dc26d5c7d457e1e970df67f8209f691c581a22

    SHA256

    279e9e1878008c2e7a49b41c6fe60f205f190c8a963ba591e57b48d79d5abbd1

    SHA512

    b8e9100425a5cd3b95efd1041f85240cc8439a58271cfdf3bde88173f14494e2b25dc0d0bf082733f11ecfb4eb29cbf57a617a921ea1e48389669b3036cf95e1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\6fc55a52c65710d459baad1bb4bf9f67.exe
    Filesize

    181KB

    MD5

    b79affc4ed6166ed29ab572a050df3c3

    SHA1

    c947d02a4359b36dea11e3f41a865bc91923548b

    SHA256

    11eae3cb1c330a5354f6776546cce00669fa2dd2fc3d356f56b10323c3f0232a

    SHA512

    58811aa9ab0cd6ae6cad9f8e3f421c3bba33c0afe25a036e095844e123bce2e01653f24880873af63d657be42b5061ba157c8544e116b7ad3798546509f73cec

    Download Submit

  • memory/2092-18-0x0000000000400000-0x00000000008E7000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/2092-23-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2092-25-0x0000000003530000-0x0000000003752000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2092-20-0x00000000002C0000-0x00000000003F1000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2092-16-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2092-32-0x0000000000400000-0x00000000008E7000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/2976-1-0x0000000000250000-0x0000000000381000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2976-13-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2976-14-0x0000000003830000-0x0000000003D17000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/2976-2-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2976-0-0x0000000000400000-0x00000000008E7000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/2976-31-0x0000000003830000-0x0000000003D17000-memory.dmp

    Filesize

    4.9MB

    Download