Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

05f70889fa...17.exe

windows7-x64

7

05f70889fa...17.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/01/2024, 16:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    05f70889faab9026b3f10a7c7d57d80ed8b86b3b4cf0531730f11990f1ce0d17.exe

  • Size

    8.5MB

  • MD5

    36f483ebb13c2e7bea84e97e117062f4

  • SHA1

    3f782b2398848dfdf63c7230b9b96d47c4268a97

  • SHA256

    05f70889faab9026b3f10a7c7d57d80ed8b86b3b4cf0531730f11990f1ce0d17

  • SHA512

    07c1527f27c0bcc68e94f8c1113411ebf1cb0a41020554a7417082ff22d086431c7a21b88ed437efd61aff29cc40ab56e402f0833542ed296c57815a32f2bf0e

  • SSDEEP

    196608:CmmtcGjKom4Xhtblbr1S//m1In+V6FDHiwKCeysU:Pmtdl1bRuoIv7iRU

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\05f70889faab9026b3f10a7c7d57d80ed8b86b3b4cf0531730f11990f1ce0d17.exe
    "C:\Users\Admin\AppData\Local\Temp\05f70889faab9026b3f10a7c7d57d80ed8b86b3b4cf0531730f11990f1ce0d17.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2032
    • C:\Users\Admin\AppData\Local\Temp\I1706200434\Windows\BLCC5_3_23.exe
      C:\Users\Admin\AppData\Local\Temp\I1706200434\Windows\BLCC5_3_23.exe
      2⤵
      • Executes dropped EXE
      PID:2588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\I1706200434\Windows\BLCC5_3_23.lax
    Filesize

    1KB

    MD5

    5c1105af1c9d3caed695aa9ef23d0342

    SHA1

    ad44b9eee6b85ef1e4bb772e7168d5770f247aef

    SHA256

    b70f0c2c75c7d60c89e793101398635f730e66e9de3d4a2865f4857c9c2d8688

    SHA512

    a0084b35bd6e00823ce4d3651ed5e7d57a2c1fa0ccd2c7ef90d5920dc1f61899d8362f9535106c691977e617f45d88ad3da0335944f3cc3b5cf7fba6949668e0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\I1706200434\Windows\jvmspecs\jvmspecs.properties
    Filesize

    498B

    MD5

    50c6a7f50d51b90ad8bd9f8460dbb886

    SHA1

    e7ad5b856d8e8953ba9a936bf515c7c0fb4f572c

    SHA256

    32802562589e6868ef929b91eaef37997f3d44eadb107422480ae8c03ea32a42

    SHA512

    344ec97754fdf1f6a0bc9a69fdd7ad725786602c32ec50428f17770df5e9a4c84e9f864415ccf1daf900c5ee949e5aff3e26976583ef4678883f09cd891bde29

    Download Submit

  • \Users\Admin\AppData\Local\Temp\I1706200434\Windows\BLCC5_3_23.exe
    Filesize

    545KB

    MD5

    2a0a5f4f9eb7f74c8dc5752368a85b56

    SHA1

    1834bb55003cdcea05cb715ab8d99eca6f3f1250

    SHA256

    d7821a898e6cb83641032ead55703d9656d7a38061c1b5e73be66899322856db

    SHA512

    3fa6c28ae8e9eb972bcaba7c7ec1fa2bcca425a4fea1c731486fdbaa1d1f19b6aea8467bd6483bef2e945a66c304fd2fa57c997ba8c97ea24772108750b124d4

    Download Submit