Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a27b9cc013...7f.exe

windows7-x64

7

a27b9cc013...7f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/02/2024, 18:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a27b9cc01307237a16b08d449e5de87f.exe

  • Size

    57KB

  • MD5

    a27b9cc01307237a16b08d449e5de87f

  • SHA1

    f68abaea3f54726f877a811479d0ef703b7a203d

  • SHA256

    6ff02919ba1f41a558b4affffa234ebc90b2e20147502c1be844363e356b0d58

  • SHA512

    710f97fd309b537a9a24c8d90fe584e63987d81608f02b27a7d2d8ee7c5f62b9064f8b3e93d2cf5cfa8c96ea0839fed9773dc9bc041047d72fc598f56000d9dd

  • SSDEEP

    1536:r19Bn1cXxHmxphPtuEuF7EQxl/8YhrUGUVP:hPnSFKp1stxEQxl01hVP

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a27b9cc01307237a16b08d449e5de87f.exe
    "C:\Users\Admin\AppData\Local\Temp\a27b9cc01307237a16b08d449e5de87f.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4644
    • C:\Users\Admin\AppData\Local\Temp\a27b9cc01307237a16b08d449e5de87f.exe
      C:\Users\Admin\AppData\Local\Temp\a27b9cc01307237a16b08d449e5de87f.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:5080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\a27b9cc01307237a16b08d449e5de87f.exe
    Filesize

    57KB

    MD5

    f8ff8b08ed6cfda4d8e6e0c9096a55e6

    SHA1

    d9aed8bdd8e37a4a6db1f76bc4d1ea224186cc5e

    SHA256

    1f924081a3fed452f82781d1588c30d8b102ab604dc13e150320d0b3ae249cb7

    SHA512

    8aa003afc4102bde050af5c80f2ed6a654f2761318ef13e6ee526ce569c9ceed81522cff03b3e0a3b9b6b5e8bde95c6f68bc0dc45e86c3bdf9cb0f9b9c116537

    Download Submit

  • memory/4644-0-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4644-1-0x0000000001500000-0x000000000152C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4644-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4644-11-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/5080-13-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/5080-14-0x00000000001B0000-0x00000000001DC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/5080-15-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/5080-20-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/5080-21-0x00000000014E0000-0x00000000014FB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/5080-26-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download