Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

7128202f19...b7.exe

windows7-x64

7

7128202f19...b7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/01/2024, 02:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7128202f199e0742463c0a8c120631b7.exe

  • Size

    1.3MB

  • MD5

    7128202f199e0742463c0a8c120631b7

  • SHA1

    216b7b784e30e1e5d9a8551c449ce6aab42098c3

  • SHA256

    48227214cfe67bda9e5512e349d3faa6865aa7a341928fa72b492d9d494edf5b

  • SHA512

    8e396f8acf1652f79f3f4b594916a953eaac8fcb3d4d0f9e426ad187362f8507269f6dedac701e5dac3e40c957b840aedd59717e6d08170631d5b55c4020bfc3

  • SSDEEP

    24576:qKeyxTAJj7PZFK30B3I9ILWDdhV1uBKqu/PJCBrxF/1vvz6tDj:qKeyRAwEB3w7DbuBK18xF/1vvz6x

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7128202f199e0742463c0a8c120631b7.exe
    "C:\Users\Admin\AppData\Local\Temp\7128202f199e0742463c0a8c120631b7.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:368
    • C:\Program Files (x86)\jczhifkexq\lsprznaeeprwyu.exe
      "C:\Program Files (x86)\jczhifkexq\lsprznaeeprwyu.exe"
      2⤵
      • Executes dropped EXE
      PID:216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\jczhifkexq\lsprznaeeprwyu.exe
    Filesize

    314KB

    MD5

    6214feb0bf9f8fcb55127020eaffeb62

    SHA1

    6b82429ffbfce894c48cf8c0d3a925d87f727a7b

    SHA256

    9abe74d644d0e171c3809610983cd6a8501ebd89cc793e482187323577a6779b

    SHA512

    a254877f3801cda198a93ff0837bc78cbc29211ec468e281fc5728981c2d783a1f5cbde43ff7e7eb2286f260f356171c0e3579e258417442eef1e3e127da2e73

    Download Submit

  • C:\Program Files (x86)\jczhifkexq\lsprznaeeprwyu.exe
    Filesize

    359KB

    MD5

    47c1de5d03521008cc1c05ea49a9e19e

    SHA1

    3bd68dbf7325cc65d4c088cc05136baec4cc24d0

    SHA256

    962ac0d3622058f9e5bc618f59f99198939f633c16a4bf7217e617766e967828

    SHA512

    44834999bf899e1d648d6f97ba73f6aa8d8bd0c9456ac431e3fcc4d725a5118760707f9a81fb0c3bdc7aa1c47dbbd8c2d99dbdf3e50929006c133b71976fd5d6

    Download Submit

  • memory/216-8-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/216-9-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/368-0-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/368-1-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/368-6-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download