Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

HEUR-Troja...od.exe

windows7-x64

7

HEUR-Troja...od.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    29/02/2024, 08:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    HEUR-Trojan.Win32.Selfmod.exe

  • Size

    218KB

  • MD5

    11bf0d021b0aac3cba376326726a1633

  • SHA1

    0c8e1f392cd8bfa11e8cf354ba78cc4d27bf6e15

  • SHA256

    e9cc3b13dd371b062ecca23d4a78818a534fb7024e0e5af2859024a0b1f2e807

  • SHA512

    334b706826f638676da887ba9cc57c302d1db6705a77993a728456231795945a0414b07554707cdd81664baaa5b35d4e095133e0ab049b6e71f6f262c741789c

  • SSDEEP

    3072:m6j4LkjoaAW3YC1f1YBuPHBPB1wDKSRMHOMEcr3hZVDneCRpmiaoG9QxsM+NAFa:G2AnTU6DKMqOMdZVbXX9aLisM+Nea

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.Selfmod.exe
    "C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.Selfmod.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2296
    • C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.Selfmod.exe
      C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.Selfmod.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.Selfmod.exe
    Filesize

    218KB

    MD5

    a5be874b6b1ecb909b84aceaf0ccf588

    SHA1

    912a5fcc3d33ce6994f2199b2232a4880cf564f1

    SHA256

    67e90379bc8f38bf5d8d5c1ccbbc5a2fd2f02138a5a6da854fc8d19754df08d2

    SHA512

    9f2ca63015a10ad11348a2e94890f2ef1f9e07189fae5ef11c4efdfa22ec5fbe52ad6658bc6af7de0a23a8e3214b6ad22b52a57e68af563a7156c412e9a1bf47

    Download Submit

  • memory/2296-0-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2296-9-0x0000000000130000-0x0000000000172000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2296-8-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2924-12-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2924-11-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2924-14-0x0000000000180000-0x00000000001C2000-memory.dmp

    Filesize

    264KB

    Download