Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8f37e0a58f...92.exe

windows7-x64

7

8f37e0a58f...92.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04/02/2024, 13:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8f37e0a58fcb46302e833bcb6f5c4492.exe

  • Size

    82KB

  • MD5

    8f37e0a58fcb46302e833bcb6f5c4492

  • SHA1

    5d6919e63b228819c2fc90012cf54ed43d739f44

  • SHA256

    a17268e8e3cd009aeb607066350d40c37ce63cbac4dab03b20d96cd0aea6199a

  • SHA512

    60399ba7a08473217792a923fb97d417204fc1a57d3a99a4364aeb7f3940ed6c7e0c31af9516e399e7c3c1f1df083953ba7eb8da8d7f12cee9218d876d76be3a

  • SSDEEP

    1536:3vXGdU6Wu2UEin1zfrchpqO2YXCE92IxuQ3+HN8En2NtuhaNi201O/Fz7VRHUwpC:+dU6+UEin1vchpL1XCE92i+u0eHVRhnC

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8f37e0a58fcb46302e833bcb6f5c4492.exe
    "C:\Users\Admin\AppData\Local\Temp\8f37e0a58fcb46302e833bcb6f5c4492.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1776
    • C:\Users\Admin\AppData\Local\Temp\8f37e0a58fcb46302e833bcb6f5c4492.exe
      C:\Users\Admin\AppData\Local\Temp\8f37e0a58fcb46302e833bcb6f5c4492.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\8f37e0a58fcb46302e833bcb6f5c4492.exe
    Filesize

    82KB

    MD5

    908e4eb4d10508190c3be07169c9aa52

    SHA1

    0b4cdbfb55651feb11161f49d068d5052eef33b2

    SHA256

    013b6f75754b63a7ef9a294543056ac440df0de738d19daed3460d0db22f235c

    SHA512

    b22a2c0319e1503a21dd8e70ca08130e4c448b8a53b0b3a853a8297e32c139e02defdd4033de3dc98a656c40da07be1797996494a6d9eb086690afc7951f3269

    Download Submit

  • memory/1776-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1776-1-0x0000000000140000-0x000000000016F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1776-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1776-14-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2472-18-0x0000000000140000-0x000000000016F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2472-16-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2472-23-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2472-28-0x0000000000220000-0x000000000023B000-memory.dmp

    Filesize

    108KB

    Download