Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

7e0580bc32...b9.exe

windows7-x64

7

7e0580bc32...b9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    28/01/2024, 21:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7e0580bc32a3dc316f087921ea0f18b9.exe

  • Size

    1.9MB

  • MD5

    7e0580bc32a3dc316f087921ea0f18b9

  • SHA1

    b89faac46ed932151b09f97a8d0d1ca0f046856b

  • SHA256

    eb105fe81c8503e52d969072703aa1b6badf5342f13e9e6b08d7cf7605c06a48

  • SHA512

    59e28b03a65cae1037327795cb3bbf5c5401259b22c7b12ab5e1a8f60012af8e30f807798231536a6927fbc7d333f21e002fd25ca108e618d54f46393e711000

  • SSDEEP

    49152:Qoa1taC070dldymcOrKLM6FQLrHZyea5mGSrJu:Qoa1taC0OymcOrKLM6SHQhgGSdu

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7e0580bc32a3dc316f087921ea0f18b9.exe
    "C:\Users\Admin\AppData\Local\Temp\7e0580bc32a3dc316f087921ea0f18b9.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2064
    • C:\Users\Admin\AppData\Local\Temp\1600.tmp
      "C:\Users\Admin\AppData\Local\Temp\1600.tmp" --splashC:\Users\Admin\AppData\Local\Temp\7e0580bc32a3dc316f087921ea0f18b9.exe 26EF633D27CB4C18AA1B9A3B36D3DAEECCBC066ACC136D6B3786C96F4E5371B11B82AB003621E64792C1CC9E0FFA16C5F3DF059B7D3C66959CBE950083D434AB
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1600.tmp
    Filesize

    1.3MB

    MD5

    1e0f7506c32dd571bb0d337adb95295a

    SHA1

    f06c5e3a9585e71805c7810cf78f94141a839f4e

    SHA256

    06c9639d72ecec4a840b8895493256285addff76dd9cda29e8f5cf5fa13d1d24

    SHA512

    ca73374b4a7b09ce44d721954a1639505f051d731dc1c3f20c193982a27531ef24160f298429536b279f894e9cf996a9c181230bed98224e4ea0db2e45b21a13

    Download Submit

  • \Users\Admin\AppData\Local\Temp\1600.tmp
    Filesize

    1.6MB

    MD5

    f43a702bd87f2e8280f4389da6b53d8d

    SHA1

    84977807516d6eac96a4bb2efac2ac69d8f55cf1

    SHA256

    cfccc2aca70947971be1d0cc0f005ce618d9be9da489b079ff57f8c5239928e8

    SHA512

    ad79a9f708de90de2fb16be6c7f1994d9af2176ee2c79076409dc4f6541c9fc5894111262e0ca1a80b3d474194d0f5459eb810688cd16482528758cfae1991ff

    Download Submit

  • memory/2020-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2064-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download