Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

6fc55a52c6...67.exe

windows7-x64

7

6fc55a52c6...67.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/01/2024, 15:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6fc55a52c65710d459baad1bb4bf9f67.exe

  • Size

    2.7MB

  • MD5

    6fc55a52c65710d459baad1bb4bf9f67

  • SHA1

    8fd2f3ad14e6d841ff810f5de0af397cae6fcbac

  • SHA256

    265610a14cd084430573f5b38836136eaa697a602acfdd38181f25e29805321d

  • SHA512

    063ea6bc7f92ef1383787adbedf2bbef3e7e8cecd138062fec8546f933b899812fc237fa45181cdd57c247a2051101f5c93d415721fc1c22e55eeb60703d9b39

  • SSDEEP

    49152:Sayd14Z+T5QWSnWJ7HYvbrFtv2LIR9mmp0oQipdAjXyt9/Z+38MBEuHgkNR9j:SF4QNAgorWLIHmmp0oFpoi3/b4EufHj

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6fc55a52c65710d459baad1bb4bf9f67.exe
    "C:\Users\Admin\AppData\Local\Temp\6fc55a52c65710d459baad1bb4bf9f67.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:472
    • C:\Users\Admin\AppData\Local\Temp\6fc55a52c65710d459baad1bb4bf9f67.exe
      C:\Users\Admin\AppData\Local\Temp\6fc55a52c65710d459baad1bb4bf9f67.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\6fc55a52c65710d459baad1bb4bf9f67.exe
    Filesize

    707KB

    MD5

    d5fb1e64fdee584949243fdf5c773c89

    SHA1

    a8161b1315e3d29e1c109df0ac6789d049f0b293

    SHA256

    d1540fa1c04a9cdda43ec63c1aecec1d4ece5974e8f46ebbaa454fb3805d9d2d

    SHA512

    ef1a673df80b0a62f1ef022b41da8e5781e6abbde138291193669de8dea98e82f9fbaf1fa0698bded9ff32cebac2307e8763409352e8fc76d704618be19a8976

    Download Submit

  • memory/472-0-0x0000000000400000-0x00000000008E7000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/472-1-0x00000000018F0000-0x0000000001A21000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/472-2-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/472-13-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4740-14-0x0000000000400000-0x00000000008E7000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/4740-16-0x0000000001CD0000-0x0000000001E01000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4740-15-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4740-21-0x00000000055C0000-0x00000000057E2000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4740-22-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4740-29-0x0000000000400000-0x00000000008E7000-memory.dmp

    Filesize

    4.9MB

    Download