Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

b82a0e42b0...80.exe

windows7-x64

7

b82a0e42b0...80.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    06/03/2024, 20:53 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b82a0e42b0eb0678a07caaf7a0d0a080.exe

  • Size

    59KB

  • MD5

    b82a0e42b0eb0678a07caaf7a0d0a080

  • SHA1

    89fb159e755fc102256e364c3f8f38e38a777cb0

  • SHA256

    fb0cbdb972cadfc93d73e29f52393295b891651b39f3d543344cff3a2cc059d2

  • SHA512

    cbc3d26f4cb5452e48691c41e1a4c030e4e76d85fbf397c016fcbc8396383a1a37933a27083de6820d07bfe4d3f524367510bcaa6992bcfdc676a4414099480c

  • SSDEEP

    1536:qfDn0YhvSI0PL2ItwJ/EoLM39pr1qb122j+ObJa:gn0YZPQ2ItwJ/a7w122lbM

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b82a0e42b0eb0678a07caaf7a0d0a080.exe
    "C:\Users\Admin\AppData\Local\Temp\b82a0e42b0eb0678a07caaf7a0d0a080.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1680
    • C:\Users\Admin\AppData\Local\Temp\b82a0e42b0eb0678a07caaf7a0d0a080.exe
      C:\Users\Admin\AppData\Local\Temp\b82a0e42b0eb0678a07caaf7a0d0a080.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\b82a0e42b0eb0678a07caaf7a0d0a080.exe
    Filesize

    59KB

    MD5

    2fbf7eefcd41e9a9f44a1531d6fe633d

    SHA1

    a291275b04d29ad617d6f89dacaa81b6bb845c7e

    SHA256

    f2fb855e100402d26984831bd6024e04226ac4b18b0e8d961fe4747daa524310

    SHA512

    4e7b19a407ab4b888f83f4840f668e44fcf472250d4e3a034904511f09c4d685c6c35838198d1e40113d41d6b17096f2410c8d6cab0c790b146ba26bf3c5f016

    Download Submit

  • memory/1680-0-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1680-2-0x0000000000400000-0x000000000041D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/1680-1-0x0000000000030000-0x000000000003F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/1680-12-0x0000000000160000-0x000000000019D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1680-16-0x0000000000400000-0x000000000041D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/3036-17-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/3036-18-0x0000000000400000-0x000000000041D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/3036-19-0x0000000000030000-0x000000000003F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/3036-24-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3036-29-0x00000000001F0000-0x000000000020D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/3036-30-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.