Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

9b73fce373...55.exe

windows7-x64

7

9b73fce373...55.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/02/2024, 10:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9b73fce373d12aeece175d383877c255.exe

  • Size

    1.8MB

  • MD5

    9b73fce373d12aeece175d383877c255

  • SHA1

    af2fee51c6266fb0c39b9517b4884cd4d1bf7c1b

  • SHA256

    e2b45cc8fc7d18d3294c06a20f78de7421061af7e84e1b16ac0d3ecdec2be078

  • SHA512

    20fb0b767449a23abb7c83142c38399a6fc38f4b110d676ca078f4a27c16d7b002cc0681830f9eb34a1ca6e1a7443c96272f830e9b6f616872ec155542c98333

  • SSDEEP

    49152:5a7qPlLjWr4Tq5BsvSpzEKFWy3KSWyiNiXxOTO9g4FY:QeWr4yjDFJ3KSPKiZ8

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9b73fce373d12aeece175d383877c255.exe
    "C:\Users\Admin\AppData\Local\Temp\9b73fce373d12aeece175d383877c255.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3612
    • C:\Users\Admin\AppData\Local\Temp\is-8O7MN.tmp\9b73fce373d12aeece175d383877c255.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-8O7MN.tmp\9b73fce373d12aeece175d383877c255.tmp" /SL5="$301EC,1561522,54272,C:\Users\Admin\AppData\Local\Temp\9b73fce373d12aeece175d383877c255.exe"
      2⤵
      • Executes dropped EXE
      PID:1940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-8O7MN.tmp\9b73fce373d12aeece175d383877c255.tmp
    Filesize

    687KB

    MD5

    c080f73b1bdde0853cb0258d9a02b0ec

    SHA1

    a5112a53e6e75069ac06b7bbd658f7cf2c8f2dee

    SHA256

    a0cfbc8da39ad4a4d21c61d73873d225ffa5d7650fae5938ab643f719d5f7363

    SHA512

    e514be3f983de22c0f67bac318686b7fe75cb6fd9832f3603077ad25c559155b7df71555b92bb6366835a104c8d2828cec2766fb7f855bd3f79f66319d6a5eac

    Download Submit

  • memory/1940-7-0x00000000006A0000-0x00000000006A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1940-17-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/1940-20-0x00000000006A0000-0x00000000006A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3612-0-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/3612-2-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/3612-16-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download