Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

aadaa40df8...25.exe

windows7-x64

7

aadaa40df8...25.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    28/02/2024, 03:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aadaa40df816039f1005afe38d290725.exe

  • Size

    82KB

  • MD5

    aadaa40df816039f1005afe38d290725

  • SHA1

    acf9da779bf66bb45ec8e47b14f6cf03a3b8e10b

  • SHA256

    c4174a06279b6e05cbb93b63bc8fb3447f7d5ca9c91461de64105e84c1fcd33c

  • SHA512

    855fd981b8c12d2a88a266a2996a500fc80fdca4e29e7ae506c763b0baf964ce443a1b799619592ff8aed9001a95ef2453cbaf73be4ed4b8cc763dc268a8d20c

  • SSDEEP

    1536:4piy6Iy2L5ZZfG/qgUcYmhdzuXDrBkIyeZ9GIfPGWFBNO/NqKSkBTzJsDUXYf2l:4piyh5Zc/F0mhdzu2ezlPRTg/NJzBTzN

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aadaa40df816039f1005afe38d290725.exe
    "C:\Users\Admin\AppData\Local\Temp\aadaa40df816039f1005afe38d290725.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2764
    • C:\Users\Admin\AppData\Local\Temp\aadaa40df816039f1005afe38d290725.exe
      C:\Users\Admin\AppData\Local\Temp\aadaa40df816039f1005afe38d290725.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\aadaa40df816039f1005afe38d290725.exe
    Filesize

    82KB

    MD5

    db599cbd3e14ebafeebf54ba9986c505

    SHA1

    7aacc626a3a42c7e5b045a3dfb67adc4c70dab70

    SHA256

    0002ca982c0507a8f5e27b0871b670f5c1cabd9334563f23741de8d5ebd35006

    SHA512

    9318f6b93f139efbd82057cc9e32ead8bd50b5ffad25f10c8d3f37e204b9e6acc70c802198745f3a383106f7ec84c575d714b4f4ac0bad7496d903f82f65d1ca

    Download Submit

  • memory/2616-18-0x00000000001C0000-0x00000000001EF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2616-21-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2616-24-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2616-29-0x0000000000220000-0x000000000023B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2764-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2764-1-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2764-4-0x00000000001D0000-0x00000000001FF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2764-15-0x0000000000210000-0x000000000023F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2764-14-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download