Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

770d832b09...39.exe

windows7-x64

7

770d832b09...39.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/01/2024, 09:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    770d832b09fbe86e75e16191d89f1639.exe

  • Size

    293KB

  • MD5

    770d832b09fbe86e75e16191d89f1639

  • SHA1

    8a437ed91cdb1a4f0a2c7ae4ab3d020574a0b92c

  • SHA256

    57a69ca68ccdfd6b2088a8a77b034dde8427328a767feb9705f167b7d7d88e4f

  • SHA512

    682cc61e99942a899be7637ac96254232f8d3e579a5e515044225a932ce60d8c9be1fc0a5e098cc367445b72609a615ca9a2fce9eefb999234c9cdee5a4c47e7

  • SSDEEP

    6144:TRgym92YGB+40vPLGPAyY8Y4paxrMSK5ply43vNRNByTb7NF31NO:V6fu+40vPH7riL3vNRM91u

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\770d832b09fbe86e75e16191d89f1639.exe
    "C:\Users\Admin\AppData\Local\Temp\770d832b09fbe86e75e16191d89f1639.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3192
    • C:\Users\Admin\AppData\Local\Temp\7zSDC6.tmp\winvnc.exe
      .\winvnc.exe
      2⤵
      • Executes dropped EXE
      PID:2724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7zSDC6.tmp\background.bmp
    Filesize

    1KB

    MD5

    6ce6e5fcf1a56b80f4ffa6f685d4329d

    SHA1

    91780868c241e83754003855407805c0cda20254

    SHA256

    6fcc92e281d25569d300297ef79a5796bc5e0c226aa35624dd6a9f38b8413402

    SHA512

    7af21c8840f56c5ded22161504dd3d6c282ad83a0fb1f711fccfc7d87676de3036120e60e2c0e57fb998a0dcfe512950d3f16e0bdcb493d37a681f31b8cb399f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSDC6.tmp\helpdesk.txt
    Filesize

    1KB

    MD5

    7b20cd0ca0646be4c97609c311155bfc

    SHA1

    71bd28b696c37bb078cd70d0a19746312800fa69

    SHA256

    c0df4bfc8d8c8cd1729afc62e5fe5c5950551729335c0d289cf9373c3f60bec7

    SHA512

    3bc6719b4b307ee2c1e8c840aa9cdf65fbea01f775b90aa611e7237675db57d4ba4dba716950f2e5846ce87392b142f35dc99b26a1458fed67d05aa707998749

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSDC6.tmp\logo.bmp
    Filesize

    103KB

    MD5

    280d414001007065748ffcc3d61f91c3

    SHA1

    861d7e29008aa5f9323385aa5e57132f3e33943d

    SHA256

    aadf105f693ac8cec3f5f38c8deefbeb2bded921b43369f5233e4cc233a33b54

    SHA512

    02d21b2be66dc88e49fc8edf9387e231bc6d5baa0ac5319e5a01b1afa985cb2825e9f19fc8580d5f7df75fda77d94e1234c7a5e7d1b1fe8d9f5d4cb27b5a0fd2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zSDC6.tmp\winvnc.exe
    Filesize

    251KB

    MD5

    40a21759f5ad164f5c58e3c4c1a30ede

    SHA1

    287b840f6bd10a05922d9ded005eda53128efe12

    SHA256

    5ffb6b4b753e5915516c03f91e6cd09dcfdc87004ce3ecdd2e3e8d51bc0bea72

    SHA512

    19a1052731f8780dac7855454d38685a0e11a898c98c0138c8dcad722f34f9e50f34bbcad5915bf62886942934795d5907e2be081ce84639d415f14aa368db28

    Download Submit