Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8af626d797...15.exe

windows7-x64

3

8af626d797...15.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/02/2024, 00:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8af626d79700d8353ea0b466d54de715.exe

  • Size

    374KB

  • MD5

    8af626d79700d8353ea0b466d54de715

  • SHA1

    a0f1bed698c3b1cdc128cee99b8fe8ff4157e6a0

  • SHA256

    cff15d8949d0ff900998e82d4eee4cbebf29624d59ace34b875a434a10cb9b3f

  • SHA512

    2b73da93b3c5e51c01734037338a3963183f1a4c5b7dd38f35f7e19186eec0c10df647b0237e884c0cebd83efca9dc44cf780de788ba4f07b313925d782a0068

  • SSDEEP

    6144:eFSNNpecRUSEZ+1YSwajc4crP2CVqXDbertpQ9TgcgaBKWi7sJ/TaK299P7i:eiVKSELSvhNOtITgcgani7sJrV2Di

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8af626d79700d8353ea0b466d54de715.exe
    "C:\Users\Admin\AppData\Local\Temp\8af626d79700d8353ea0b466d54de715.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:5112
    • C:\Program Files\Common Files\Microsoft Shared\MSInfo\LSASS
      "C:\Program Files\Common Files\Microsoft Shared\MSInfo\LSASS"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:3976
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
          PID:2972
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\Deleteme.bat
        2⤵
          PID:2692

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files\Common Files\microsoft shared\MSInfo\LSASS
        Filesize

        374KB

        MD5

        8af626d79700d8353ea0b466d54de715

        SHA1

        a0f1bed698c3b1cdc128cee99b8fe8ff4157e6a0

        SHA256

        cff15d8949d0ff900998e82d4eee4cbebf29624d59ace34b875a434a10cb9b3f

        SHA512

        2b73da93b3c5e51c01734037338a3963183f1a4c5b7dd38f35f7e19186eec0c10df647b0237e884c0cebd83efca9dc44cf780de788ba4f07b313925d782a0068

        Download Submit

      • C:\Windows\SysWOW64\Deleteme.bat
        Filesize

        184B

        MD5

        5b692181feba26bb45af24253af5d589

        SHA1

        cf5580df9eeeea6c8c140e3c049e380768e6158b

        SHA256

        c15cab4a9e82aef1841cbb1dd5f4eebbdb5c7847a49291da328cc10cc2bf64c0

        SHA512

        ef6c807a1c08c112864cc0bf4ce8a5640dd3514b154ff8ca42f1a162e73429039965c45ac2d09b65c60aab121ad2dc5e5c09de00a780e54bab5ab2743dfe93a3

        Download Submit

      • memory/3976-15-0x00000000021D0000-0x00000000021D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3976-17-0x0000000000400000-0x0000000000583000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/5112-0-0x0000000000400000-0x0000000000583000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/5112-1-0x0000000000750000-0x0000000000751000-memory.dmp

        Filesize

        4KB

        Download

      • memory/5112-2-0x0000000000750000-0x0000000000751000-memory.dmp

        Filesize

        4KB

        Download

      • memory/5112-6-0x0000000000790000-0x0000000000791000-memory.dmp

        Filesize

        4KB

        Download

      • memory/5112-19-0x0000000000400000-0x0000000000583000-memory.dmp

        Filesize

        1.5MB

        Download