Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

b5bcf9d796...84.exe

windows7-x64

7

b5bcf9d796...84.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/03/2024, 21:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b5bcf9d796bd46d6c515fff542fa2984.exe

  • Size

    1.9MB

  • MD5

    b5bcf9d796bd46d6c515fff542fa2984

  • SHA1

    d74d0815c9892db0556e992ee7d0b9ee65a75de5

  • SHA256

    d8cc91acd9edb70aa29f20737b546b7d439bbda5ea2552336a334f8f7bcf6d26

  • SHA512

    e90cdb9cceb8f7e7f751be708599dd7334375ad6627df92e1d9de80f51915bdef74743f4aa67f2b50fb8eaa599d54b0c973d15ac71c14514603acb8a842199cc

  • SSDEEP

    49152:Qoa1taC070druvA2y3jkslkjIhGOVTT2mLR:Qoa1taC0c2oosl86V/2mF

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b5bcf9d796bd46d6c515fff542fa2984.exe
    "C:\Users\Admin\AppData\Local\Temp\b5bcf9d796bd46d6c515fff542fa2984.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:388
    • C:\Users\Admin\AppData\Local\Temp\BA67.tmp
      "C:\Users\Admin\AppData\Local\Temp\BA67.tmp" --splashC:\Users\Admin\AppData\Local\Temp\b5bcf9d796bd46d6c515fff542fa2984.exe EF0F518B8231E9D4E9C01650AE49D911FEB8D4D409D4190BB0AC906292F7176792A63773D054AA705B4C6E3EE57440CDA55BCCF45424D1EB94A44447663ABAFE
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\BA67.tmp
    Filesize

    1.9MB

    MD5

    23481a9456060dbd227816806cb4385a

    SHA1

    a4adffbf2ad8b6f1d5a57c2fa073688371662541

    SHA256

    f7070b05be921f7666f3150ed65489f7916ce89bd01f2811dcc684772aa8140d

    SHA512

    07cf1340be60ebcc2ae120ec77cd7084647b3a5745654671928359edb7fa8ab5d25b023b54fdd44bb32bad74dd4ec24a13421d3abd46efae58fbfb1fe9a44bf3

    Download Submit

  • memory/388-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2752-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download