Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

9a8be058b3...a8.exe

windows7-x64

7

9a8be058b3...a8.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    90s
  • max time network
    121s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/02/2024, 02:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9a8be058b3c3ed72b59de20c070a2aa8.exe

  • Size

    5.3MB

  • MD5

    9a8be058b3c3ed72b59de20c070a2aa8

  • SHA1

    f8940b780b88bdc212ab96de64758fedb76c5827

  • SHA256

    59e00d1117238f8f499058d2cb48409bcffe4263c52a2530c1f5717c95e514ca

  • SHA512

    994ad283ed603f7b830b1d9335baeeaf919181c20b8dd23a4ed8b39532cd84d8031ecf370d437a988e8a7ac76adc92d1cca7f7531c6da93d3ae6c2bd91ae83dd

  • SSDEEP

    98304:OjQ3q2YaJE8HSof/nw4JsqNvMoYD3FwHVN1LR+1igHI7ZjHSof/nw4JsqNvMoYDm:Oj6E8/ffxsgUwHSIddj/ffxsgUwD

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9a8be058b3c3ed72b59de20c070a2aa8.exe
    "C:\Users\Admin\AppData\Local\Temp\9a8be058b3c3ed72b59de20c070a2aa8.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:772
    • C:\Users\Admin\AppData\Local\Temp\9a8be058b3c3ed72b59de20c070a2aa8.exe
      C:\Users\Admin\AppData\Local\Temp\9a8be058b3c3ed72b59de20c070a2aa8.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\9a8be058b3c3ed72b59de20c070a2aa8.exe
    Filesize

    5.3MB

    MD5

    ec455bd51ec7f3c4c1898c64bcc30ce4

    SHA1

    d63bdfc30525415628d0a03d9965bdd15a55fb6e

    SHA256

    1818f011ae2a8e97027a6418cce0dc8d7908db10970eec09da51f5f2df73bec9

    SHA512

    507cf710d6ba985efc5914b3bb1e00393cd8605abe3072194ca568d90a31eaf759875d2525b76f713045605eb746cbc18b36b8a579d70671bcb62283bf2c6a09

    Download Submit

  • memory/772-0-0x0000000000400000-0x00000000008E7000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/772-1-0x00000000018F0000-0x0000000001A21000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/772-2-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/772-12-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2240-14-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2240-13-0x0000000000400000-0x00000000008E7000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/2240-15-0x0000000001CF0000-0x0000000001E21000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2240-20-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2240-22-0x00000000055E0000-0x0000000005802000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2240-28-0x0000000000400000-0x00000000008E7000-memory.dmp

    Filesize

    4.9MB

    Download