Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

992af39606...ce.exe

windows7-x64

7

992af39606...ce.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    13/02/2024, 10:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    992af39606e42e4e27656416217cface.exe

  • Size

    1.1MB

  • MD5

    992af39606e42e4e27656416217cface

  • SHA1

    4fd6dba1e514d3572649de427cef6ea23068a33d

  • SHA256

    49a4495baa65855a68d32fd5fc980147c47899a09c3b1d964055e1e4ad82afc1

  • SHA512

    62d38bcdf01c667351fd73b0841ad6d9b473199da7a617cf6129476aef3707c15f396278372b149c4935b0c18e1fb5a787dfdd55daaa46984acdbc2c66e6c86a

  • SSDEEP

    24576:7zXKqa8SEijjC+37liXbLbklmfB6/tbQdSmKBQXj3Ly:7z6qaakjC+3srLAKB61bQd3KaXb+

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\992af39606e42e4e27656416217cface.exe
    "C:\Users\Admin\AppData\Local\Temp\992af39606e42e4e27656416217cface.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Program Files (x86)\ffsnccdhlw\paltr.exe
      "C:\Program Files (x86)\ffsnccdhlw\paltr.exe"
      2⤵
      • Executes dropped EXE
      PID:3012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Program Files (x86)\ffsnccdhlw\paltr.exe
    Filesize

    1.1MB

    MD5

    089364d103ce82a1f0ef4edb1c2223d6

    SHA1

    4f81af7b774c1b14731e3637deec65485aabb7e2

    SHA256

    29eb1514143baeb9a8cdec496829faf18e9f9ef62fd87d4f09fcfde6f12bf658

    SHA512

    0abbb3bfa2d09795b04e73535867302f8c86819aa9c3e79956dd0d3a4577c810de327e29955db99137130c8584cd7a650fbcff1612436b9ece80f30d81fdeeab

    Download Submit

  • memory/2168-0-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2168-1-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2168-6-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2168-7-0x0000000000340000-0x00000000003D4000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2168-11-0x0000000000340000-0x00000000003D4000-memory.dmp

    Filesize

    592KB

    Download

  • memory/3012-10-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/3012-12-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download