Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

b8d0e5a466...f7.exe

windows7-x64

7

b8d0e5a466...f7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    07/03/2024, 13:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b8d0e5a466516ffe3ebe1c1d317f45f7.exe

  • Size

    94KB

  • MD5

    b8d0e5a466516ffe3ebe1c1d317f45f7

  • SHA1

    88b5ff6786ceebb80893b5ddc16fe0fc331d67ad

  • SHA256

    25e2e2d1336031e20b6a60730c86cfc299626a6d0bb85f0d6a8e68f95bd2304f

  • SHA512

    0594184db7bbe4487a11ebd037a4355b94b9c0d54b794fce70c1cc57da4786a875f11b6767e41a140a31d94d5f449965e2488bfb2b454ea0ca1c531e4db64dd7

  • SSDEEP

    1536:z7X9XEZfr0od8hgmvcYByULq+q0UuS+ewUzMntw9FIy:9YD0oOXvcYBeLuS++wtw9FIy

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b8d0e5a466516ffe3ebe1c1d317f45f7.exe
    "C:\Users\Admin\AppData\Local\Temp\b8d0e5a466516ffe3ebe1c1d317f45f7.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2316
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Cqf..bat" > nul 2> nul
      2⤵
      • Deletes itself
      PID:2724

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Cqf..bat
    Filesize

    210B

    MD5

    0a4d2de4ab795545500302a1a4f005d5

    SHA1

    ddcb274135daba6c216bc71369333aa45bb700a7

    SHA256

    25ba515b82e5e6cf8aba3282b645290c05419feb76c416c65c84c80b64ab1c08

    SHA512

    84d1f64d4c4d2801a718868a9e6d3c79e0ca0f1b64a464a54b2688337eac2d01a86d7f74a1c3a30ce9e137224a658b05809c9f11af618bf0b33a2c183739c9dc

    Download Submit

  • memory/2316-1-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2316-0-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2316-2-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2316-3-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2316-5-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download