Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

780f5a8a5e...06.exe

windows7-x64

7

780f5a8a5e...06.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/01/2024, 18:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    780f5a8a5e5e8ac22729cbdd7c6afb06.exe

  • Size

    1.9MB

  • MD5

    780f5a8a5e5e8ac22729cbdd7c6afb06

  • SHA1

    08bd95ef73d81b649b4f249818c4332c9c920a75

  • SHA256

    21696de1697f6e27a01762e33a3db587187bce7e871213a6ba32b9bc1096d403

  • SHA512

    34072b8c26bd5a7edb96619bce51417a1bb8e0c84b5272902c261adb5c9e21dd0fe1316ca128d4e83eac35e3d6d03d38e1a02aaa76f527d4b7fe29cb32ca9950

  • SSDEEP

    24576:N2oo60HPdt+1CRiY2eOBvcj3u10dYfWtc9jaTEdfiPXhr5J/T2IVw3ZCZO6R5Wz+:Qoa1taC070dYUcrdsxlJb2C5KL/6dZ

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\780f5a8a5e5e8ac22729cbdd7c6afb06.exe
    "C:\Users\Admin\AppData\Local\Temp\780f5a8a5e5e8ac22729cbdd7c6afb06.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4792
    • C:\Users\Admin\AppData\Local\Temp\B2E5.tmp
      "C:\Users\Admin\AppData\Local\Temp\B2E5.tmp" --splashC:\Users\Admin\AppData\Local\Temp\780f5a8a5e5e8ac22729cbdd7c6afb06.exe 7F2A635E0F532BA12D9A00AC528F75B17101960978C793A71BEED7C546DE6B4393F4D0D1236668BF87E51D3BEC1F2D1962B50C585A74934DFDA652BDE457E1AE
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\B2E5.tmp
    Filesize

    1.9MB

    MD5

    5f88a1d4967a6d6b45361398435b832c

    SHA1

    e2b28764587e701ac1ec67f7bbd4830612d0a777

    SHA256

    68c65e9a6269e7436f397044c34af8223d861838100e48851c463f5a8fb88600

    SHA512

    3f0fac5b61b5509db07a8aa87c4c528b92d77642a799943938581c07a0674768d2938bd23353718780a59aa0a96c15c7568a0e32cb601fece6508717009d298f

    Download Submit

  • memory/1860-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4792-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download