Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

main.exe

windows7-x64

7

main.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    24s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04/02/2024, 01:47 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    main.exe

  • Size

    13.3MB

  • MD5

    9914af53044c63779dede6b3fc8dfb41

  • SHA1

    14dc2658293f0253c62797795506544b6ea20616

  • SHA256

    f29c00a73e33fab90329c7aacea5c7866c5fbaa25aa2e1c19cc91c383ff7d9a8

  • SHA512

    4ca7abce0bd1ea04ad69ffc327a8fb9f4409369b66600a76ae679fe3dd7226ea3867e39aa1efcfc62586d43caf36268b18cac70cf1fe882cc2da520e22f2f993

  • SSDEEP

    196608:LydEOZwAOejUzmhRsTYjPZWdkSjl5dK6FuaMf8XD/N7QEYhtkUdJiIwT/W54RY0a:+Dm14gkUdkqdZ/Mfe/JQ1htrj/546J

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\main.exe
    "C:\Users\Admin\AppData\Local\Temp\main.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1960
    • C:\Users\Admin\AppData\Local\Temp\onefile_1960_133514848664246000\main.exe
      "C:\Users\Admin\AppData\Local\Temp\main.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2760

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\onefile_1960_133514848664246000\main.exe
    Filesize

    45KB

    MD5

    c3de2695c1f7d30ab4dcf3e1066a56de

    SHA1

    c5a16005faef61e35869d7909ed31d55dd827b61

    SHA256

    2f658e6a4a6befd20492b362fbb9b55a061f2bd2bdb1ea972350aeda8a5b55d6

    SHA512

    aa5469014b53008fb335bcc07527ea4cde8b3e9bb9dfa613a15e60c1a2754d0dce42c77a7eea7511bfb41490f00db1efa582fccbe2bf69f8644e20cf3cd97458

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\onefile_1960_133514848664246000\python39.dll
    Filesize

    26KB

    MD5

    a1a606e9fbdaccb81a607ea0d4403311

    SHA1

    d816046c27790bc458f10cd63ad7f070cc15e164

    SHA256

    d91e5331fbb5ba897bfeffab4b77aa01b6ad4881687b9ea4bf5f0518dbaa7492

    SHA512

    978b5431a726b3b8427a569c12292004469243bdd44546026c48704d7a48d14993d1902baaa4d60800069997f3fe8d7672cd887631921593c01b8f7d8a3c8cb1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\onefile_1960_133514848664246000\main.exe
    Filesize

    62KB

    MD5

    77aa1a8854553d039f2f7d5a81e9687c

    SHA1

    151ab468fa7a243228e3aa4fadde630b3c5e2255

    SHA256

    9ef07a719560118143b0c3a705580e32cbb1a8dcf36bca7551bbe67d85b0bf82

    SHA512

    e921b5f3b7ded1daee3c076584f6e8b532215a90cfd6e436284212a5a58b8f71b994f0591f39c714787ca06cc6f170e865e0928a6e4210305a4d11eff97ac200

    Download Submit

  • \Users\Admin\AppData\Local\Temp\onefile_1960_133514848664246000\python39.dll
    Filesize

    1.2MB

    MD5

    8dc35a5b9cb1925df9aee71934a702b7

    SHA1

    9d019fd155051c8ad740a16c1deec04d914b3a83

    SHA256

    4e904609433f6f81b745a179b440818d500e8f71411184a72ca0c93d130fbdfb

    SHA512

    afade6816c86b69bb8dd1881b03e7237056444ca596ce9478858db12e54ec5585c1b008981d7d6dffdfcbffd28bd1d75236da2c1ceb3e9b4c8532ac757a551e7

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.