Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2d2d4654fe...0e.exe

windows7-x64

7

2d2d4654fe...0e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    05/03/2024, 18:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe

  • Size

    197KB

  • MD5

    3a56b4bfdc3e26faf2f9a25a9d0b99bb

  • SHA1

    6d3eb841a2ef53ac973af87285016e03035da334

  • SHA256

    2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e

  • SHA512

    b312241b47fe80bf50c0d693e3904420ff91f387c7bbf7599b4e74a76336125df1e7848b8b0d2f2f238d35ccae8407f27368079db5b4033ad6dd70f6847bc264

  • SSDEEP

    3072:zy7MbiS1bE8Pt/fXDYxCBwmdWfIv0koEpZAWCuSE3mX76mFSYkP9+A4j:uIbiS1VuC5MJEpj0RX76m1kV+A

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe
    "C:\Users\Admin\AppData\Local\Temp\2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2728
    • C:\Users\Admin\AppData\Local\Temp\2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe
      C:\Users\Admin\AppData\Local\Temp\2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe
    Filesize

    197KB

    MD5

    fef508aebd4aae080bb245be65697205

    SHA1

    9d6dbef980e8f3844a1ff72265b7d151668f3899

    SHA256

    6c757185554c9205cc0c36d7548d187c8c68984db68b0725c1ee120ad021393a

    SHA512

    4da7e5e9151ec518bbcc9c736c279426c6dda3266c84f71fda4d692247469e61763b8cb6dc49d4fbde54c4ba49d32fc06632ba2c94d4b77b321947d277c18b05

    Download Submit

  • memory/2728-0-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2728-6-0x0000000001540000-0x0000000001579000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2728-9-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2980-12-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2980-11-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2980-17-0x00000000002B0000-0x00000000002E9000-memory.dmp

    Filesize

    228KB

    Download