Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

7cf163ddf0...84.exe

windows7-x64

7

7cf163ddf0...84.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    28/01/2024, 11:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7cf163ddf099e1a8197c2acf7aaf1484.exe

  • Size

    257KB

  • MD5

    7cf163ddf099e1a8197c2acf7aaf1484

  • SHA1

    97abbb2a88f9603748f78a1c934a0dfe4d176df3

  • SHA256

    d39edef8ffb588c2c7a197bba6b8ade680e91e52c4288dd94cf621af86ea221e

  • SHA512

    0921a04c607fd91ada884c3a79661142a3a2efc041f9fbd578d11536f63ced0376728baae76e8a9586405a294f3931628a55b8834f8381be0c65c4c10da19ceb

  • SSDEEP

    6144:J0hMcD39a7O6mb+oHO9beyKt/4H2iW39m2g45oS:Julg7dmbXHO9KHtOBWtm2g45oS

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7cf163ddf099e1a8197c2acf7aaf1484.exe
    "C:\Users\Admin\AppData\Local\Temp\7cf163ddf099e1a8197c2acf7aaf1484.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1384
    • C:\Windows\SysWOW64\svchosn.exe
      C:\Windows\system32\svchosn.exe -k netsvcs
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      PID:2996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\svchosn.exe
    Filesize

    140KB

    MD5

    757c622c9459877150bf84c622035aee

    SHA1

    76c0e501ccbf344414c8e32a62eb1f0aa7c4ddcb

    SHA256

    3853b555d7574ef25d5e65cad7d117ac2f9590c499cbffd89f58406962a09c04

    SHA512

    b12258a14797e204c96bbda051aeb45127a74bcc18c7d405b86532d2cdcbc56de4c3649610280515eb349925bdda3d89eb469fc314bfe05030745015de765e6d

    Download Submit

  • C:\Windows\SysWOW64\svchosn.exe
    Filesize

    234KB

    MD5

    50cea25ea11115644f56784cb1bcd35c

    SHA1

    5186b26b32960d3441d66ef537637342d8325bbf

    SHA256

    58ca4cd9d01bc59db2c9e7efacbb86d4f33a916a3a4e187ef6b6f0a34d21716f

    SHA512

    7e396c40b72ca744dc43b06ac96cbe23f72ed4f9096a82b10cd1e2d77b828e15106dbfecde22948358a8f0a61252b5e46d92fb7dce9d7c1edbf30d8068134aa8

    Download Submit

  • C:\Windows\SysWOW64\svchosn.exe
    Filesize

    136KB

    MD5

    f6e68576747a98542d8ac7ca1b89308b

    SHA1

    a6da77a503cf9471a306611c8e051fb03c103297

    SHA256

    c3f4add1751d993624d69c1a57291b664ca4203c811b7d7b634a779c685feeb9

    SHA512

    1df6fc0a54cfd67d8b4c2d7df6283b97baae58ac6ab1b111323ce69b777b28114e6460c21ce7ec41f6bf6b6848253dde8757cf194ff9ffcb894748a0c8714143

    Download Submit

  • memory/1384-0-0x0000000000400000-0x00000000004B0000-memory.dmp

    Filesize

    704KB

    Download

  • memory/1384-3-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1384-15-0x0000000000400000-0x00000000004B0000-memory.dmp

    Filesize

    704KB

    Download

  • memory/1384-11-0x0000000001F10000-0x0000000001FC0000-memory.dmp

    Filesize

    704KB

    Download

  • memory/2996-16-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2996-14-0x0000000000400000-0x00000000004B0000-memory.dmp

    Filesize

    704KB

    Download

  • memory/2996-12-0x0000000000400000-0x00000000004B0000-memory.dmp

    Filesize

    704KB

    Download