Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

b45567ae02...bd.exe

windows7-x64

7

b45567ae02...bd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/03/2024, 09:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b45567ae02b7d317c6d25875fd1a0fbd.exe

  • Size

    907KB

  • MD5

    b45567ae02b7d317c6d25875fd1a0fbd

  • SHA1

    164e4049be8cfcc83d3df8c3f7d959491e38933c

  • SHA256

    bc92b242d7431b5a104695db52837790bfbade762841668fbfe115ae8d80893c

  • SHA512

    71c3149a25c4023c1bcd3458feedd914fa463aab824824a0ae75cdd83da0b2296ea888457334d8f861b3b87569fedf64bff6b9908453e24ce1d30cd034c41dbc

  • SSDEEP

    12288:yrGWFZtHJLwM3Mp0+h5J02g+BIcLHCE/c1H7DSCTl3KvgJ12MMa0qXQjVDa/ZS1:mbnprt+hbsYAE01beZvgzyqX2a/ZS1

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b45567ae02b7d317c6d25875fd1a0fbd.exe
    "C:\Users\Admin\AppData\Local\Temp\b45567ae02b7d317c6d25875fd1a0fbd.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4576
    • C:\Users\Admin\AppData\Local\Temp\b45567ae02b7d317c6d25875fd1a0fbd.exe
      C:\Users\Admin\AppData\Local\Temp\b45567ae02b7d317c6d25875fd1a0fbd.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3372
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4024 --field-trial-handle=2240,i,16875000905773190493,11379096115878622792,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:2036

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\b45567ae02b7d317c6d25875fd1a0fbd.exe
      Filesize

      907KB

      MD5

      db7ee0b63922ab9f8b01654438e31971

      SHA1

      cb3b4bb0489288f35612c7bf2ad39c9e44d3b03d

      SHA256

      909b1227732dd4db8b4709d5e799a1b87569e974e401f1b9ecb5f38e0a543190

      SHA512

      dbfea9283657210d8e06ba81189bae4a7a69f14c0439e90b18dec66e0bbc566914664a5e261b9083e59151a755aafc0e2ffcfe03dbee78ea65e6dfa4b6875dbd

      Download Submit

    • memory/3372-13-0x0000000000400000-0x00000000004E8000-memory.dmp

      Filesize

      928KB

      Download

    • memory/3372-14-0x0000000001640000-0x0000000001728000-memory.dmp

      Filesize

      928KB

      Download

    • memory/3372-20-0x0000000005120000-0x00000000051DB000-memory.dmp

      Filesize

      748KB

      Download

    • memory/3372-21-0x0000000000400000-0x0000000000498000-memory.dmp

      Filesize

      608KB

      Download

    • memory/3372-30-0x0000000000400000-0x0000000000443000-memory.dmp

      Filesize

      268KB

      Download

    • memory/3372-33-0x000000000B800000-0x000000000B898000-memory.dmp

      Filesize

      608KB

      Download

    • memory/4576-0-0x0000000000400000-0x00000000004E8000-memory.dmp

      Filesize

      928KB

      Download

    • memory/4576-1-0x0000000001810000-0x00000000018F8000-memory.dmp

      Filesize

      928KB

      Download

    • memory/4576-2-0x0000000000400000-0x00000000004BB000-memory.dmp

      Filesize

      748KB

      Download

    • memory/4576-11-0x0000000000400000-0x00000000004BB000-memory.dmp

      Filesize

      748KB

      Download