Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8e1aa0c1d5...7c.exe

windows7-x64

7

8e1aa0c1d5...7c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    04/02/2024, 03:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8e1aa0c1d5f3ce593dab994ea70fac7c.exe

  • Size

    105KB

  • MD5

    8e1aa0c1d5f3ce593dab994ea70fac7c

  • SHA1

    b4b2cd399b50960982138cb82704b87fd2e0ba8a

  • SHA256

    6e4cd20f9ad2a0a86286c5a5cff471a7dbff00ae36a84906881479bf1dc6423b

  • SHA512

    ca86769d4584a8474ff234bc010317659ba717523ad524273247e5d056566bc95a1abaf630f7517c9d2376dcdc4f6d37bb0f4b1628e021dcb86a407b09cd7141

  • SSDEEP

    3072:ApV6fFJYsYufO3bn9eHtd2UXA8flS9IkJspW9i:ApV2FJ8ufyn9eNoUw99I2sY4

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8e1aa0c1d5f3ce593dab994ea70fac7c.exe
    "C:\Users\Admin\AppData\Local\Temp\8e1aa0c1d5f3ce593dab994ea70fac7c.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1724
    • C:\Users\Admin\AppData\Local\Temp\8e1aa0c1d5f3ce593dab994ea70fac7c.exe
      C:\Users\Admin\AppData\Local\Temp\8e1aa0c1d5f3ce593dab994ea70fac7c.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\8e1aa0c1d5f3ce593dab994ea70fac7c.exe
    Filesize

    105KB

    MD5

    9453701bea9e2a31c0abf2be6f308462

    SHA1

    ea4946ce2bab5c2a5bc03f50935da10d767d9f5a

    SHA256

    9a68d1a2fb02fbffd9eed90933cfdbac43da0a9e91768329e38d59b7e2a68f05

    SHA512

    226fc64f7b80215b8d4fa7a76fca108d0b8586d1d2bffacc715abb92d59549cf317bf1ddf6af6a28e838530c04db797b25704d92eeeabbe905ade02a64291072

    Download Submit

  • memory/1724-3-0x0000000000140000-0x000000000016F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1724-1-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1724-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1724-15-0x0000000000190000-0x00000000001BF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1724-14-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1992-18-0x0000000000140000-0x000000000016F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1992-24-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1992-20-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1992-29-0x00000000003D0000-0x00000000003EB000-memory.dmp

    Filesize

    108KB

    Download