Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8f76aa892e...c1.exe

windows7-x64

7

8f76aa892e...c1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    89s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/02/2024, 15:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8f76aa892e32a40b1dee2d37481250c1.exe

  • Size

    385KB

  • MD5

    8f76aa892e32a40b1dee2d37481250c1

  • SHA1

    a9ac3ad93992f1e31fd51d39ccaf061d116a19ba

  • SHA256

    f572b2d21508bb7171a01e988defbb8ffc9793c01e3deffa0bbbc1c8803b2e81

  • SHA512

    2411bf51119d6356f9137bc63a3b6936799344740f44ad54521c0513f9c1a1eda6499079e1ba503edbaea54b6149c8b1700eba3ebf78cf5e19f52b0b4d8c625a

  • SSDEEP

    6144:Sjb3bsL5CrSy8of9ksT4fsMW3mRK5szmotKHXX77D1w/FXBxpWV8G/LHSG3RzDhE:SnTnHXjD10JBxtGTHR50efEmvN2NcMB

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8f76aa892e32a40b1dee2d37481250c1.exe
    "C:\Users\Admin\AppData\Local\Temp\8f76aa892e32a40b1dee2d37481250c1.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4968
    • C:\Users\Admin\AppData\Local\Temp\8f76aa892e32a40b1dee2d37481250c1.exe
      C:\Users\Admin\AppData\Local\Temp\8f76aa892e32a40b1dee2d37481250c1.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2432

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\8f76aa892e32a40b1dee2d37481250c1.exe
    Filesize

    385KB

    MD5

    961800d403d8b2c671b03bf84b6d9b6a

    SHA1

    88fc9bf265661e3f5ed0a191378e20e698c33bfe

    SHA256

    886ed56d7eb0f70ecc314e23e7a080f0aac14a9ea29acc709701e4598320861b

    SHA512

    bddc09960c297be11b751c64f02119f53fe9e2a04677ab78243367527cb6449e33fe340deb0c04ef1674bcd0392d7d7f2065ad8f539922434352ce1dd8b30e51

    Download Submit

  • memory/2432-16-0x00000000014D0000-0x0000000001536000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2432-14-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2432-20-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2432-23-0x0000000004E90000-0x0000000004EEF000-memory.dmp

    Filesize

    380KB

    Download

  • memory/2432-32-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2432-34-0x000000000B620000-0x000000000B65C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2432-38-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4968-1-0x0000000001470000-0x00000000014D6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4968-0-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4968-2-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/4968-11-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download