Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

7f0f5337ea...9d.exe

windows7-x64

7

7f0f5337ea...9d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/01/2024, 05:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7f0f5337ea9e44ebf7e93ff56299829d.exe

  • Size

    907KB

  • MD5

    7f0f5337ea9e44ebf7e93ff56299829d

  • SHA1

    b1b613558c5ea295aff1eda08cbbc8316e1d365d

  • SHA256

    b2831fc5c60a9ba6b3a357fa02bd5c0ce9bed7dae7bbd052eac2a92fe621b48c

  • SHA512

    d8d55d87cd469b50c5bd696b49090b7486a28cbc44ac143ca0aa042945dc90678a4727312a1134d9ce8d5ce4fa920304cea86ee31e885ace3898a2e7f29b500c

  • SSDEEP

    12288:ZCkv+Bh8eWFSY56tvc9O6S6U1O8emG5xAdhgJOH8nXcBYOFe0g02jVDa/ZS1:ZArcZ56tk9PS6tvNJOcYTFet00a/ZS1

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7f0f5337ea9e44ebf7e93ff56299829d.exe
    "C:\Users\Admin\AppData\Local\Temp\7f0f5337ea9e44ebf7e93ff56299829d.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2752
    • C:\Users\Admin\AppData\Local\Temp\7f0f5337ea9e44ebf7e93ff56299829d.exe
      C:\Users\Admin\AppData\Local\Temp\7f0f5337ea9e44ebf7e93ff56299829d.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2268

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7f0f5337ea9e44ebf7e93ff56299829d.exe
    Filesize

    137KB

    MD5

    3d8fa8279355e4dac061039963582177

    SHA1

    f2c9c3a7bf97a84152e8f077a0b59474c5757158

    SHA256

    075015a8b436ecf17a56caa44504fda98547610526a3b861d7ab83fccd5064a3

    SHA512

    dfa6cf4b09ddbe89d082cca9d89ead747fe319cee5b1b15e6a25683c3ef5b43e07df2307fce33af1d69b9ed7a2e2949776f2eeb6d85f9124951090e9b4866a6b

    Download Submit

  • memory/2268-13-0x0000000000400000-0x00000000004E8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/2268-14-0x00000000016B0000-0x0000000001798000-memory.dmp

    Filesize

    928KB

    Download

  • memory/2268-20-0x0000000005090000-0x000000000514B000-memory.dmp

    Filesize

    748KB

    Download

  • memory/2268-21-0x0000000000400000-0x0000000000498000-memory.dmp

    Filesize

    608KB

    Download

  • memory/2268-31-0x000000000B900000-0x000000000B998000-memory.dmp

    Filesize

    608KB

    Download

  • memory/2268-30-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/2752-0-0x0000000000400000-0x00000000004E8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/2752-1-0x0000000001790000-0x0000000001878000-memory.dmp

    Filesize

    928KB

    Download

  • memory/2752-2-0x0000000000400000-0x00000000004BB000-memory.dmp

    Filesize

    748KB

    Download

  • memory/2752-11-0x0000000000400000-0x00000000004BB000-memory.dmp

    Filesize

    748KB

    Download