Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

87600ce720...5c.exe

windows7-x64

7

87600ce720...5c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/02/2024, 16:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    87600ce72025f32a28698c68dbc95d5c.exe

  • Size

    385KB

  • MD5

    87600ce72025f32a28698c68dbc95d5c

  • SHA1

    5b4d5c2fe36701c72d484950209bd35bc3a93a23

  • SHA256

    400989f5afef8fb2ca3d70cb0580b5d150e3e89622763ce457fd6c46b084d603

  • SHA512

    5bcbb30382a4bd7eb86df7586647811cb420a786139737cbc93cc80203f4e2ecae0d2dd24670de632a67649a308a4834473aae800571260accdc8073f1d745e7

  • SSDEEP

    12288:an3fspWek6JGcnyM52atUQpZ/EztVhsP1B:YaV4cnTxtTyz+dB

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\87600ce72025f32a28698c68dbc95d5c.exe
    "C:\Users\Admin\AppData\Local\Temp\87600ce72025f32a28698c68dbc95d5c.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2496
    • C:\Users\Admin\AppData\Local\Temp\87600ce72025f32a28698c68dbc95d5c.exe
      C:\Users\Admin\AppData\Local\Temp\87600ce72025f32a28698c68dbc95d5c.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2548

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\87600ce72025f32a28698c68dbc95d5c.exe
    Filesize

    385KB

    MD5

    5ff3d3c03a2214595082b9d0d7d99649

    SHA1

    eed0b2ae0fc4291e10f602e7784f41cae8bbd96e

    SHA256

    27d85423a0bdb16fafa4878f6a956517957123e5a2d7efcf67d9e0d224010aaf

    SHA512

    62bbe7bf38635628664ae39a5b9a7ccbd784f5ced5239c3124d6d4e7378e4e381eb839b9cbdba21a3560f00c4bdb6ae7f910b5475ca1cfaeb82e05567b5dc6db

    Download Submit

  • memory/2496-0-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2496-1-0x0000000001610000-0x0000000001676000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2496-2-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/2496-12-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/2548-14-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2548-21-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2548-20-0x00000000015D0000-0x000000000162F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/2548-16-0x0000000001470000-0x00000000014D6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2548-31-0x000000000B600000-0x000000000B63C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2548-36-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2548-30-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download