Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

ab61877aeb...90.exe

windows7-x64

7

ab61877aeb...90.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/02/2024, 07:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ab61877aeba85f2299873654cb2f3990.exe

  • Size

    10.6MB

  • MD5

    ab61877aeba85f2299873654cb2f3990

  • SHA1

    1469d4e761e332c386d352743791dd938601fb40

  • SHA256

    dedce699d9aa64f357ecaa5c59158a2cc8b957979d25b854deb7ecc280bfbcf7

  • SHA512

    2e949c142b44c39b905452dc4245a5ff591c6e8704f7fb50d39258b79eae5e7637a8ef9f6f2aaaa6a27302ad7c18269fbd3a04c95d662184c03e605319a57f5f

  • SSDEEP

    196608:j5k8LvJuXxZuxx+DAJuXxZpCGViBcKyLxJmJuXxZuxx+DAJuXxZo:jRbme6Am5hiBSmme6Am4

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ab61877aeba85f2299873654cb2f3990.exe
    "C:\Users\Admin\AppData\Local\Temp\ab61877aeba85f2299873654cb2f3990.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1540
    • C:\Users\Admin\AppData\Local\Temp\ab61877aeba85f2299873654cb2f3990.exe
      C:\Users\Admin\AppData\Local\Temp\ab61877aeba85f2299873654cb2f3990.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ab61877aeba85f2299873654cb2f3990.exe
    Filesize

    10.6MB

    MD5

    e91d4930684b50eaccb4c3d613edd595

    SHA1

    79632d88532a1a794b5c284020341fde7d330579

    SHA256

    66a84894524d56eca65aeb042046a5f32451c5aaf91ad2367eb31af221da7905

    SHA512

    f344bc04781e1c3857470a5b9db08b6e066f86f0a947dd97f322e82122b4e71eacb6ace8dacce176da7094f5f6db17ef4b90312d1d14ee7b8cf85213106f6ce0

    Download Submit

  • memory/1540-0-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/1540-1-0x0000000001D70000-0x0000000001EA3000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/1540-2-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1540-12-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2236-13-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/2236-14-0x0000000001C70000-0x0000000001DA3000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2236-15-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2236-20-0x0000000000400000-0x000000000061D000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2236-21-0x0000000005570000-0x000000000579A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2236-28-0x0000000000400000-0x00000000008EF000-memory.dmp

    Filesize

    4.9MB

    Download