Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

786ed671a6...07.exe

windows7-x64

7

786ed671a6...07.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/01/2024, 21:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    786ed671a6377bdf06058615d03d6d07.exe

  • Size

    82KB

  • MD5

    786ed671a6377bdf06058615d03d6d07

  • SHA1

    e689f30916520f03934879fbf9ed3c20d67bdc95

  • SHA256

    a1e3ef7411af01c59c0df63545794405eed3fe9da6fbbfc6d5651da5e6cf0d41

  • SHA512

    b955623d81b68f87fbf154151c13e2bb8a6f9e51493b2914dbbd8a7034004843bda3a5799ca9bf741c0dade6941c713a37502464eff6b87e518fcae67444180a

  • SSDEEP

    1536:VDiuq497R3eylXIcfo33gS20M+GrkbvA8PwfgETr9r+SfBhMNza8RAp:VDiq93eylNo33C0M+nJYzTl+UWeAAp

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\786ed671a6377bdf06058615d03d6d07.exe
    "C:\Users\Admin\AppData\Local\Temp\786ed671a6377bdf06058615d03d6d07.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1776
    • C:\Users\Admin\AppData\Local\Temp\786ed671a6377bdf06058615d03d6d07.exe
      C:\Users\Admin\AppData\Local\Temp\786ed671a6377bdf06058615d03d6d07.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\786ed671a6377bdf06058615d03d6d07.exe
    Filesize

    82KB

    MD5

    65ba60e42e00f1f5dbbc709c1e393149

    SHA1

    50d09878f9bdbe7e25530539b86195db58edf918

    SHA256

    5639dfd3d7b0482f84578a2cce4c89577e97e6acfc75a5ad79d82bb1b599f371

    SHA512

    7affd2f59e753e3ef6e72d9b86d9bac5a55ae65da9adffe232008e6eeb6da4a66984edd7c5cb063f899f387bf9e21aea88c70f24443fffe56a961062ae6b9060

    Download Submit

  • memory/1776-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1776-1-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1776-3-0x0000000000140000-0x000000000016F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1776-14-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2472-16-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2472-17-0x0000000000140000-0x000000000016F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2472-23-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2472-28-0x0000000000220000-0x000000000023B000-memory.dmp

    Filesize

    108KB

    Download