Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

a3e5706af5...d4.exe

windows7-x64

7

a3e5706af5...d4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    94s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/02/2024, 13:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a3e5706af5771d6d08c34629de1545d4.exe

  • Size

    2.9MB

  • MD5

    a3e5706af5771d6d08c34629de1545d4

  • SHA1

    fd5105546841e33fcf81d9e959a568b5d0f51f34

  • SHA256

    3c093695f4b07e2c15080f879fed460df1488ae2e5c463d192e7e78ac1114fed

  • SHA512

    887b47e1f7cbab463f8c46915cb67b6d0360c5537f6aa73ff3a190ab503ab3e68acb60cdef0088102106aa730b7b0b22b946c96c72697febdd7dfaaaf4bd2d83

  • SSDEEP

    49152:B/QVUtSoEbKb/Aa8VjX91o+0/C8c32vSP4M338dB2IBlGuuDVUsdxxjeQZwxPYRr:B/QGtPMKb/8O4R3xgg3gnl/IVUs1jePs

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a3e5706af5771d6d08c34629de1545d4.exe
    "C:\Users\Admin\AppData\Local\Temp\a3e5706af5771d6d08c34629de1545d4.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2728
    • C:\Users\Admin\AppData\Local\Temp\a3e5706af5771d6d08c34629de1545d4.exe
      C:\Users\Admin\AppData\Local\Temp\a3e5706af5771d6d08c34629de1545d4.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\a3e5706af5771d6d08c34629de1545d4.exe
    Filesize

    1.9MB

    MD5

    bf43a41326b98d20c657cdd4b5bb2210

    SHA1

    6e3bebdc18c1c46b2a5dce7ccf041f6bdc26691f

    SHA256

    da87605f0acda97c33f28ef4bd7f9a3bbfe8fe341cef3ccd654e8255440c0850

    SHA512

    49a52d484bc08ed29ad73c8e93810f42c61ffff847cbc561cece080124fb5b73b9e2a796e48869568d96d59e6ed2c2d8e110dd5f36d029505a5b44cc6eae9fd5

    Download Submit

  • memory/2728-0-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/2728-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2728-2-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2728-14-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/3264-16-0x00000000018F0000-0x0000000001A23000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/3264-13-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/3264-15-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/3264-22-0x00000000056E0000-0x000000000590A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/3264-21-0x0000000000400000-0x000000000061D000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3264-29-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download