Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

b5e84cbefb...e3.exe

windows7-x64

7

b5e84cbefb...e3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/03/2024, 23:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b5e84cbefb2688fa04847485a0d456e3.exe

  • Size

    4.8MB

  • MD5

    b5e84cbefb2688fa04847485a0d456e3

  • SHA1

    8cd7f4df0d1f756deaf9ea3fba76e67ceffdc786

  • SHA256

    4f6db17acd2a602a1387a0fd79c2c4e22e6924b0a6805a25660f842674beb17d

  • SHA512

    d4fd314c678056651ae9f7ecf648b91402abc9c0223ee0fd51befa9ead64e14c1d996122400338db0b52aa219ee875173555c40c71d8470c3bd96d6da546aa5b

  • SSDEEP

    98304:91OroQnaBfla2cW+XD1H7Okll5BUMz2Q+VTFE2G8tGE4Km6J8RyywiCPu0p:91Orkfa2aRb3BdC/E2G8tGE4aJ8Afu8

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Checks processor information in registry 2 TTPs 10 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b5e84cbefb2688fa04847485a0d456e3.exe
    "C:\Users\Admin\AppData\Local\Temp\b5e84cbefb2688fa04847485a0d456e3.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1908
    • C:\Users\Admin\AppData\Local\Temp\7zS8A4E.tmp\installfwpkg.exe
      .\installfwpkg.exe
      2⤵
      • Executes dropped EXE
      • Checks processor information in registry
      • Suspicious use of SetWindowsHookEx
      PID:960

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7zS8A4E.tmp\installfwpkg.exe
    Filesize

    1.8MB

    MD5

    f8c93a37aa44f0472c74a3b260fb8315

    SHA1

    29b7abdc8ab97f4ea1247aa556e315bef468813e

    SHA256

    031eb10ce632b22c562e4d41fd0f821d87f65aa3890c3375ae1d359218b8b4cd

    SHA512

    d13d5b9d741fec54b1537c8df54eb81990cb3c08fcc2938ce7b8636e73c636dd4bc8ea724e1ad436020da177e54ac863469c6b392ac69129151472fd40947f02

    Download Submit

  • memory/960-10-0x00000000025F0000-0x00000000025F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/960-9-0x00000000025E0000-0x00000000025E1000-memory.dmp

    Filesize

    4KB

    Download