Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

7c1fc4c9d6...51.exe

windows7-x64

7

7c1fc4c9d6...51.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/01/2024, 04:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7c1fc4c9d684042bed9882cdc7b8fa51.exe

  • Size

    1.9MB

  • MD5

    7c1fc4c9d684042bed9882cdc7b8fa51

  • SHA1

    d7864dbcdcb2c49728e871303b4cb0c08365f10b

  • SHA256

    f230f0610cc32eed66b2e40c4a0f122f1de09a890f87703a3c38c82ca4364cd0

  • SHA512

    4dae12f1b7cfc0764c451f30d643ed6a65924b7c506f12301de3e3c52f4bd0d891a438784718ffa67036735ae8394e2a1297dfbcae8fbe90bab0a078a07cb8b3

  • SSDEEP

    49152:Qoa1taC070dZ+rE+WnklX2Jx0fGgan5OAas7:Qoa1taC0prWklX2Jx0Ogc57D7

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7c1fc4c9d684042bed9882cdc7b8fa51.exe
    "C:\Users\Admin\AppData\Local\Temp\7c1fc4c9d684042bed9882cdc7b8fa51.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1528
    • C:\Users\Admin\AppData\Local\Temp\441D.tmp
      "C:\Users\Admin\AppData\Local\Temp\441D.tmp" --splashC:\Users\Admin\AppData\Local\Temp\7c1fc4c9d684042bed9882cdc7b8fa51.exe E9970C5603A074F9BFC7D16F365F95A2E1D9BF05DC6458376EB8D34F857FF657946FF30092DA86CE08D0D81946C55BD2994B8366628E4CF2C553C5B7BC21D8D0
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:5092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\441D.tmp
    Filesize

    736KB

    MD5

    dafda22520763e9542f82893e468875d

    SHA1

    df1a462d3d38e3211ee100887c844b8d39023e1e

    SHA256

    28cfb6ad5667909a73730ccc057502efd9813e8772cb59519999d421aef6c3b5

    SHA512

    e4a112a82b8d0481f7cdc4e6c2d5de6f6afb28a61b86dfa26f453e9098dc6f21d00ba6711a5c9fc2b8d18f3d0bcccfee7a3a90c54206e19eb215bb47bdfd8d43

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\441D.tmp
    Filesize

    941KB

    MD5

    581b583333614731706eec72de9b8e64

    SHA1

    3a005c2a82f8d85becf8e1084dcc27533cc6094b

    SHA256

    a47bc68f26bfcdd96b763dae3f9d7205a3e8b4198a2b1da41d227f444f3b728c

    SHA512

    91972ab46002818ab5dabaaaad73fb7cf7f0890fddb9275403309610e189d5a20feac7d49c1d75ae409559b1f310ec140dcb2ac5331338d0c30709e4507bfa4e

    Download Submit

  • memory/1528-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/5092-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download