Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8c927174d5...62.exe

windows7-x64

7

8c927174d5...62.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    03/02/2024, 14:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8c927174d555f3a40371be4d66639d62.exe

  • Size

    887KB

  • MD5

    8c927174d555f3a40371be4d66639d62

  • SHA1

    8df1b39e36130962cc23734a09a76d8ee84ad41d

  • SHA256

    9758ee9d7ee86a4269062dbb5e8f273b9d9f61019e071436357b99c8f343c5f1

  • SHA512

    0a8a14ecbbc6c973f32c1d3d774e5136cba25e21be3baee972605d1c3c31019f7d7cb6374ff583f9bf0da9c60bd290d2eabc0f6f423c3a28cf196a267bb29c01

  • SSDEEP

    12288:MLry/neyx7f/A64j7PYV3H/BxJsQYrFy698hi2hT4wgfP3xeb07snchWhz9:qKeyxTAJj7PYJvYN9+i2Z4wWht7sncwp

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8c927174d555f3a40371be4d66639d62.exe
    "C:\Users\Admin\AppData\Local\Temp\8c927174d555f3a40371be4d66639d62.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1992
    • C:\Program Files (x86)\kzstwuu\rodytxjxstu.exe
      "C:\Program Files (x86)\kzstwuu\rodytxjxstu.exe"
      2⤵
      • Executes dropped EXE
      PID:1084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Program Files (x86)\kzstwuu\rodytxjxstu.exe
    Filesize

    912KB

    MD5

    9554a67c0e5ef0eddd3d9f4df027a64e

    SHA1

    c57e7701654a7af4c75b4240a5abc4b588bcc6a9

    SHA256

    74a8eed1c5e05ad752fce830ee6560f47b10a88246ec686ce2390b97ccd6479e

    SHA512

    9cd2b08ace8b02249a2379c7821a0fa370bdb266f61cbe424c397862b0ca263873dca1933a60cf5d66d3b8816605d24cb48480b00e5d73cac51ef906ee8a3f4d

    Download Submit

  • memory/1084-9-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/1992-0-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/1992-1-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/1992-7-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download