Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

ursa-cli.exe

windows7-x64

1

ursa-cli.exe

windows10-2004-x64

1

ursa-qt.exe

windows7-x64

3

ursa-qt.exe

windows10-2004-x64

1

ursad.exe

windows7-x64

1

ursad.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    1795s
  • max time network
    1169s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/02/2024, 21:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ursa-cli.exe

  • Size

    3.1MB

  • MD5

    af76c9416034c270635f71283dbbeb7a

  • SHA1

    e17e472918af36aa54df52827290c4a8998d76ac

  • SHA256

    fde204f8814a46577b3b72beac84fe816e4efd0e510ee49a8ef31f005f8a1732

  • SHA512

    59347d89de9ff78eaa626b753f07b656373d43491044e5c123f968720c4906b89f5a3df8997faa112aad1256d4f17de733611ce76ec98c7824ac9f8866e266c0

  • SSDEEP

    49152:Ag5MOTtDaSZ4k+XPWJThamE9Onzd1qmpF7+9CmVPe86zhcZyc6gUo6ZGHBkYZbNP:5dBaSHSPccOr/fR+ozO4

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ursa-cli.exe
    "C:\Users\Admin\AppData\Local\Temp\ursa-cli.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:5072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/5072-0-0x0000000000440000-0x0000000000764000-memory.dmp

    Filesize

    3.1MB

    Download