Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

71d20d5691...6f.exe

windows7-x64

7

71d20d5691...6f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/01/2024, 09:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    71d20d5691ccc04ffbd0fc1b5103bd6f.exe

  • Size

    915KB

  • MD5

    71d20d5691ccc04ffbd0fc1b5103bd6f

  • SHA1

    fe4f368398a07b27822719ec7dd8213e2f335534

  • SHA256

    bfec75be2d912e685772a62692fc641b22c6d2bae2b46f9c2fafda7cc58b9b19

  • SHA512

    1f4d2fda3ab0a1a0bae096d4cf8290bf7fae158ced159777ecc24e6f4ca8376030377a62ec313277173ea87a102dad8c127f636b3774c2bb328b5b97ce6f77aa

  • SSDEEP

    24576:7zXKqa8SEijjC+37liXbLbklmfB6vdinSW:7z6qaakjC+3srLAKB61inl

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\71d20d5691ccc04ffbd0fc1b5103bd6f.exe
    "C:\Users\Admin\AppData\Local\Temp\71d20d5691ccc04ffbd0fc1b5103bd6f.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:3880
    • C:\Program Files (x86)\sumudyy\qzx.exe
      "C:\Program Files (x86)\sumudyy\qzx.exe"
      2⤵
      • Executes dropped EXE
      PID:3032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\sumudyy\qzx.exe
    Filesize

    887KB

    MD5

    fb63d3ea7e848dae084d91c57a632321

    SHA1

    dc0ded17dc05f3f4e3eb2463c54b4e20dd396d04

    SHA256

    2b2a2e056f6425ffcf37a20ab17da0f5b7fd2065589df7a077567168fe0607e9

    SHA512

    150ed1768dfdc9e735ece200da192dbf6d679033f791e310c7dd3a46d52ffbb17711bb6519f8bf86ca5089bfb8f629ce27519ab769a448d6d6ec924f92b58993

    Download Submit

  • C:\Program Files (x86)\sumudyy\qzx.exe
    Filesize

    542KB

    MD5

    c707bc5e733fb0f74350f5eb32d8f758

    SHA1

    42ce304447c0ef2c4905fa1a8a3fbb7eaf163c31

    SHA256

    a8648f5b581efca3783ac55b68271c8982f8103b4fe17e8bc14a38d4539c7f05

    SHA512

    8a0ee06d3f4709cedc74b416e2d0dfbb15ff579b62c30906ce0b66307e2730e9f5d02ff2b1f8d30433e11bf697182a7b983ff7fe0c8ab47c6e98a8af4e34f9ba

    Download Submit

  • memory/3032-8-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/3032-9-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/3880-0-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/3880-1-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/3880-6-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download