Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

85df04e8a8...be.exe

windows7-x64

7

85df04e8a8...be.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    01/02/2024, 04:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    85df04e8a8a9aab7ef7536d5c7aef1be.exe

  • Size

    1.3MB

  • MD5

    85df04e8a8a9aab7ef7536d5c7aef1be

  • SHA1

    0adfa8beb1a74204df9656dc6aefa91350ac5af0

  • SHA256

    67a1ae967411b10574e7a03c89099f6981fedf3876cf065fec4591297489fe85

  • SHA512

    2a37b3ca9e462dab63b1882e92016c661094f90e05fb432e26340d89403a53869bf69e4b196ef0a31b70dde8672bf625eeb41862f6df6156ec187f5a8be69744

  • SSDEEP

    24576:tMmbsqJMICqJ9d3KDxD28eYPv9qVb4X73WmMX9RmRuOOHUvG:tMpqJMICqzm2dYtKi7G0/

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\85df04e8a8a9aab7ef7536d5c7aef1be.exe
    "C:\Users\Admin\AppData\Local\Temp\85df04e8a8a9aab7ef7536d5c7aef1be.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2984
    • C:\Users\Admin\AppData\Local\Temp\85df04e8a8a9aab7ef7536d5c7aef1be.exe
      C:\Users\Admin\AppData\Local\Temp\85df04e8a8a9aab7ef7536d5c7aef1be.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\85df04e8a8a9aab7ef7536d5c7aef1be.exe
    Filesize

    334KB

    MD5

    d977510410b5f5b442909e36b5ef3029

    SHA1

    160232b9c8f87f0b7d2ebe4c3e151ff96360bc47

    SHA256

    2f0545c6c7597f5aa41fcdd19d84328501b80e42b7f347a475521e46d1f89d48

    SHA512

    4dab0d8c2d10a27a1158ca435da67a045023816bbe5650ecd37561bb313b3e0bb3456d729d24630b4123050db15a3f4294fb9c7f3802a0897dbadb16e34e7e85

    Download Submit

  • \Users\Admin\AppData\Local\Temp\85df04e8a8a9aab7ef7536d5c7aef1be.exe
    Filesize

    400KB

    MD5

    8c128f439466905bf677ef547cd896d2

    SHA1

    b97c6fa99485393d240f539a362848e9273a0f42

    SHA256

    0302cfdd22b7492675bd3fc7def95df6f40409cea650ac902c976605a8d3baf7

    SHA512

    fcc1a0701acff36513f94178e86035d803a9ca7718e6bca706b5358332a754627012c6c33a7207163225ebfc5c6031910eafa245569fdb7a7f8293d2d4cca26e

    Download Submit

  • memory/2828-17-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2828-19-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2828-21-0x0000000001A60000-0x0000000001B72000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2828-26-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2984-0-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2984-1-0x00000000002A0000-0x00000000003B2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2984-2-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2984-14-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2984-16-0x00000000036C0000-0x0000000003B2A000-memory.dmp

    Filesize

    4.4MB

    Download