Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

639be9fbce...16.exe

windows7-x64

7

639be9fbce...16.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/01/2024, 14:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    639be9fbce027224e64fcebc79286c370e6743a3a5a833dca0b17971b727d316.exe

  • Size

    11.9MB

  • MD5

    e31cc2191508fe25b1f0b4ad880447da

  • SHA1

    4ed873eb8117df1c5be589ee206113357b269bef

  • SHA256

    639be9fbce027224e64fcebc79286c370e6743a3a5a833dca0b17971b727d316

  • SHA512

    83d6957360eae733ced62bc99fe88ce77d44011db154478cb6947e9d7d3e03598162a86ff7a1ca2b21ce2d06b719fbaa24dd42a60c344b2a24f861c65833d87a

  • SSDEEP

    196608:KBlctqPNu4y4DzphkPoOoR8p1f+z08FD8uvs/djg7Cl+mRygga0hoJoii+zL0Dki:bQlu4yWcPolRQN+fFYuvs/djg7C81gpE

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\639be9fbce027224e64fcebc79286c370e6743a3a5a833dca0b17971b727d316.exe
    "C:\Users\Admin\AppData\Local\Temp\639be9fbce027224e64fcebc79286c370e6743a3a5a833dca0b17971b727d316.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1124
    • C:\Users\Admin\AppData\Local\Temp\is-EBFV9.tmp\639be9fbce027224e64fcebc79286c370e6743a3a5a833dca0b17971b727d316.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-EBFV9.tmp\639be9fbce027224e64fcebc79286c370e6743a3a5a833dca0b17971b727d316.tmp" /SL5="$90054,11599674,1028096,C:\Users\Admin\AppData\Local\Temp\639be9fbce027224e64fcebc79286c370e6743a3a5a833dca0b17971b727d316.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-0FQ12.tmp\_isetup\_isdecmp.dll
    Filesize

    28KB

    MD5

    077cb4461a2767383b317eb0c50f5f13

    SHA1

    584e64f1d162398b7f377ce55a6b5740379c4282

    SHA256

    8287d0e287a66ee78537c8d1d98e426562b95c50f569b92cea9ce36a9fa57e64

    SHA512

    b1fcb0265697561ef497e6a60fcee99dc5ea0cf02b4010da9f5ed93bce88bdfea6bfe823a017487b8059158464ea29636aad8e5f9dd1e8b8a1b6eaaab670e547

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-EBFV9.tmp\639be9fbce027224e64fcebc79286c370e6743a3a5a833dca0b17971b727d316.tmp
    Filesize

    3.2MB

    MD5

    a546c618b8e22ae29c35e0c11a1b216f

    SHA1

    324b174fb6d732f2e795dcf52b5a674cb89a417d

    SHA256

    6239332e5ed0538fc1f37439629ad93ffa5908b6b9b522b77d86b9d21d840ddc

    SHA512

    bfb67402c93b715d25a6d7f0d4d1e2638fd8d3c9caa87574b285f624f412f0fdaf80f9f92f5ff63ea61ff3faae2ba08ace677eabb758611c8a3c485fa5e350b4

    Download Submit

  • memory/1124-0-0x0000000000400000-0x0000000000508000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1124-12-0x0000000000400000-0x0000000000508000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1584-5-0x00000000008F0000-0x00000000008F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1584-13-0x0000000000400000-0x0000000000746000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1584-16-0x00000000008F0000-0x00000000008F1000-memory.dmp

    Filesize

    4KB

    Download