Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8f37e0a58f...92.exe

windows7-x64

7

8f37e0a58f...92.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    92s
  • max time network
    121s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/02/2024, 13:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8f37e0a58fcb46302e833bcb6f5c4492.exe

  • Size

    82KB

  • MD5

    8f37e0a58fcb46302e833bcb6f5c4492

  • SHA1

    5d6919e63b228819c2fc90012cf54ed43d739f44

  • SHA256

    a17268e8e3cd009aeb607066350d40c37ce63cbac4dab03b20d96cd0aea6199a

  • SHA512

    60399ba7a08473217792a923fb97d417204fc1a57d3a99a4364aeb7f3940ed6c7e0c31af9516e399e7c3c1f1df083953ba7eb8da8d7f12cee9218d876d76be3a

  • SSDEEP

    1536:3vXGdU6Wu2UEin1zfrchpqO2YXCE92IxuQ3+HN8En2NtuhaNi201O/Fz7VRHUwpC:+dU6+UEin1vchpL1XCE92i+u0eHVRhnC

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8f37e0a58fcb46302e833bcb6f5c4492.exe
    "C:\Users\Admin\AppData\Local\Temp\8f37e0a58fcb46302e833bcb6f5c4492.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Users\Admin\AppData\Local\Temp\8f37e0a58fcb46302e833bcb6f5c4492.exe
      C:\Users\Admin\AppData\Local\Temp\8f37e0a58fcb46302e833bcb6f5c4492.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\8f37e0a58fcb46302e833bcb6f5c4492.exe
    Filesize

    82KB

    MD5

    eeaad3cb91490f05be5c624cc4b26309

    SHA1

    50f004074f9743efddafd0b318417f2363b5c8ad

    SHA256

    9c54a93a63c90e002d3337f840042bda8bd2ae14722f9af7e4cdc3f5e70826e7

    SHA512

    4d0544266108dea8948ef73f427bb34383f6656aeb190014e15f9fff15a101be82ff8deae7f30600969da2e0ddb724f6a7f2a6a179958501b290867b67c19b0b

    Download Submit

  • memory/1160-13-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1160-15-0x00000000001C0000-0x00000000001EF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1160-25-0x0000000004DA0000-0x0000000004DBB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1160-20-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2204-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2204-11-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2204-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2204-1-0x00000000001C0000-0x00000000001EF000-memory.dmp

    Filesize

    188KB

    Download