Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

aa7a39027e...5e.exe

windows7-x64

7

aa7a39027e...5e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27/02/2024, 23:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aa7a39027e69f034434a17936cf9a45e.exe

  • Size

    1.5MB

  • MD5

    aa7a39027e69f034434a17936cf9a45e

  • SHA1

    e4898ad4502ac036b35db7b32b412a93fe92366f

  • SHA256

    d4193434a4bd49162a6a11e8797430500262e69978b42312b363b339f0ba53b3

  • SHA512

    06c1d92c60911b4d1a7a4f48419cfe5ed0b98e60d25423d7a28072f9a60e0ed45b0e89529dbdb3788a9d7666d883fa0b250a40fa8e72da7365a08123713136ac

  • SSDEEP

    24576:S2Vof9ABnWLsNdAZuHBKwS7w1fThA1KnW4EKzCssFWBvpGopTUMUD4wdfbtqW:S2XBWYPAeSwdA1CWBKzfvpGopAXxNQ

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aa7a39027e69f034434a17936cf9a45e.exe
    "C:\Users\Admin\AppData\Local\Temp\aa7a39027e69f034434a17936cf9a45e.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3024
    • C:\Users\Admin\AppData\Local\Temp\aa7a39027e69f034434a17936cf9a45e.exe
      C:\Users\Admin\AppData\Local\Temp\aa7a39027e69f034434a17936cf9a45e.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\aa7a39027e69f034434a17936cf9a45e.exe
    Filesize

    1.5MB

    MD5

    4741caed8a2f478e5612ec65b21b4564

    SHA1

    efb71d398c70e924cc894d7d705fe622f957bfa4

    SHA256

    e5c30c65f14990e3943a7a8b985dfcd1ec83774137228abe12e02d2d48073d16

    SHA512

    bfd5ae94ae6c180a10cf9de17ba9bd3689d301bed4202bf3f3c63d6111586af3995d515b6f4f92eaee1e231540aa132eb8282a4070b10b15ef1919a17ecf0986

    Download Submit

  • memory/2976-23-0x0000000000400000-0x000000000061D000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2976-16-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/2976-17-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2976-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2976-24-0x0000000003410000-0x000000000363A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2976-32-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/3024-2-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/3024-1-0x0000000001B20000-0x0000000001C53000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/3024-14-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/3024-13-0x0000000003510000-0x00000000039FF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/3024-0-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/3024-31-0x0000000003510000-0x00000000039FF000-memory.dmp

    Filesize

    4.9MB

    Download