Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

a06df8dfe4...05.exe

windows7-x64

7

a06df8dfe4...05.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/02/2024, 19:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a06df8dfe494b9522f7ff162cfc92d05.exe

  • Size

    10.2MB

  • MD5

    a06df8dfe494b9522f7ff162cfc92d05

  • SHA1

    bd49bf85567c25c3ed0928a38dbcccc33eaff32f

  • SHA256

    cdc91b1ffffa9480fdd1649f9f46111379cc49de40c475badbf6961d762f8fbc

  • SHA512

    045fa8f9ae962e07291f54887986cc2425eeccea0a0158b2b17e4254dadbe2985c5266787639d57d817daa87b06acbb33fbf7441d5cc8ef118020e6d61def3f6

  • SSDEEP

    98304:QG/JZeGtKd3j9nicJGxAoYM1XC63cY+jEwbeKzCPfB2jx3j9nicJGxAoYM1XC63:ZB5tKx5iKzH+aY+Kwjt5iKzH+

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a06df8dfe494b9522f7ff162cfc92d05.exe
    "C:\Users\Admin\AppData\Local\Temp\a06df8dfe494b9522f7ff162cfc92d05.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1532
    • C:\Users\Admin\AppData\Local\Temp\a06df8dfe494b9522f7ff162cfc92d05.exe
      C:\Users\Admin\AppData\Local\Temp\a06df8dfe494b9522f7ff162cfc92d05.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\a06df8dfe494b9522f7ff162cfc92d05.exe
    Filesize

    10.2MB

    MD5

    0fa7427bbee87380f32d8cc1325df33e

    SHA1

    a3350b9c93829b9def457d2981243a86a87f3f28

    SHA256

    970228421c326514d1f7f4f28f6ca7cd24958d3f6a41dd15d4b164988eef3332

    SHA512

    c2c10feaf3482f3f07dbc23878fae3ad8f3e43aa5d9cec5041fecabad65ec89fdafbaca5cff7828a0be3089702685c3a17b65b24ffaea2c0821a1d07953e24f0

    Download Submit

  • memory/1532-0-0x0000000000400000-0x0000000000D9E000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1532-1-0x00000000021C0000-0x000000000241A000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/1532-2-0x0000000000400000-0x0000000000605000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1532-13-0x0000000000400000-0x0000000000605000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2296-14-0x0000000000400000-0x0000000000D9E000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2296-16-0x0000000002400000-0x000000000265A000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/2296-23-0x0000000000400000-0x0000000000D9E000-memory.dmp

    Filesize

    9.6MB

    Download