Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

897d2a807b...6d.exe

windows7-x64

7

897d2a807b...6d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    02/02/2024, 12:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    897d2a807ba50e5b420afbfa3c27b36d.exe

  • Size

    1.5MB

  • MD5

    897d2a807ba50e5b420afbfa3c27b36d

  • SHA1

    85b0d4274b3f97345f70de26a0c40e71707b216c

  • SHA256

    cd0ccc0088fd6bcb410629d1675374ec46331a1f6ac4020fab32b671eb498e8e

  • SHA512

    2a5c3bea383581efe1f904da0d2cd8709f6cbeee7d6b2fcf6588c0cec42ecdb8b9fa74661dcfb0ca7b9171670742fb85a18ff5c6167955606cc2f665005707d8

  • SSDEEP

    24576:DTfEWQMHi9jzdDnAi5YcnbQRUu73f7x7B/4V6q3jyjjcw:PcW4fKPRUaP7x7Bjq3+n

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\897d2a807ba50e5b420afbfa3c27b36d.exe
    "C:\Users\Admin\AppData\Local\Temp\897d2a807ba50e5b420afbfa3c27b36d.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2768
    • C:\Users\Admin\AppData\Local\Temp\is-O3OUT.tmp\897d2a807ba50e5b420afbfa3c27b36d.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-O3OUT.tmp\897d2a807ba50e5b420afbfa3c27b36d.tmp" /SL5="$400EE,738870,721408,C:\Users\Admin\AppData\Local\Temp\897d2a807ba50e5b420afbfa3c27b36d.exe"
      2⤵
      • Executes dropped EXE
      PID:2336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\is-O3OUT.tmp\897d2a807ba50e5b420afbfa3c27b36d.tmp
    Filesize

    2.4MB

    MD5

    8e2d270339dcd0a68fbb2f02a65d45dd

    SHA1

    bfcdb1f71692020858f96960e432e94a4e70c4a4

    SHA256

    506176b3245de84bb0b7a4da4b8068b9dd289eb9a3a1757d4183c7c3f168c811

    SHA512

    31eac8aabe8ac83f24d4eba21bc3a52b56105f52402aeb00e505a6be3208cf92cc57529b26f1b29605f554dccdff51e9f28f584268bfda689f53be624f3fd647

    Download Submit

  • memory/2336-8-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2336-11-0x0000000000400000-0x0000000000679000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2336-14-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2768-1-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2768-10-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download