Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a27b9cc013...7f.exe

windows7-x64

7

a27b9cc013...7f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    24/02/2024, 18:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a27b9cc01307237a16b08d449e5de87f.exe

  • Size

    57KB

  • MD5

    a27b9cc01307237a16b08d449e5de87f

  • SHA1

    f68abaea3f54726f877a811479d0ef703b7a203d

  • SHA256

    6ff02919ba1f41a558b4affffa234ebc90b2e20147502c1be844363e356b0d58

  • SHA512

    710f97fd309b537a9a24c8d90fe584e63987d81608f02b27a7d2d8ee7c5f62b9064f8b3e93d2cf5cfa8c96ea0839fed9773dc9bc041047d72fc598f56000d9dd

  • SSDEEP

    1536:r19Bn1cXxHmxphPtuEuF7EQxl/8YhrUGUVP:hPnSFKp1stxEQxl01hVP

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a27b9cc01307237a16b08d449e5de87f.exe
    "C:\Users\Admin\AppData\Local\Temp\a27b9cc01307237a16b08d449e5de87f.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2032
    • C:\Users\Admin\AppData\Local\Temp\a27b9cc01307237a16b08d449e5de87f.exe
      C:\Users\Admin\AppData\Local\Temp\a27b9cc01307237a16b08d449e5de87f.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\a27b9cc01307237a16b08d449e5de87f.exe
    Filesize

    57KB

    MD5

    6d6cd58533f065b904ba02f72b0d5051

    SHA1

    06dfc80c826b278340024b5f1aed044b33125609

    SHA256

    f46d0eb76ec29ea3d1710a39bbef25a8acb77ba08938f2324d8762c046c33cd1

    SHA512

    3b9852eefe7a01dcd44c2f5bddd7bd610266fd0ee0c9301bd77faafac8575c979c3e8e2928269d782d2fd8fee098e0f08dfe4209b932f952fcd157e4ce0bc3b6

    Download Submit

  • memory/1388-17-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1388-18-0x0000000000140000-0x000000000016C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1388-23-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1388-28-0x0000000000190000-0x00000000001AB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1388-29-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2032-0-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2032-4-0x0000000000140000-0x000000000016C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2032-1-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2032-11-0x0000000000200000-0x000000000022C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2032-15-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download