Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

b92afc8171...a5.exe

windows7-x64

7

b92afc8171...a5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    07/03/2024, 16:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b92afc8171c8cdc19c7820918c158aa5.exe

  • Size

    110KB

  • MD5

    b92afc8171c8cdc19c7820918c158aa5

  • SHA1

    368503d281c302c21781c848ddfb5b2c70b27f81

  • SHA256

    221e164123aa6502404587f485e867c8aff134cbea456e29ed49c6f58fbab396

  • SHA512

    7f954e21ba73896c7d904e8a65f922144feea739820624f8abe1f11e529d47f956c49fccd6cef6f528c63da594c2e2e5c0106f01a98cf8ce3fa0e064010ab303

  • SSDEEP

    3072:I9xKpyyf826+u06kM4C0wQNeoBPqvtokhAlgqMdoHbqamV1/GjFIy:PByd0w2ewqiMAOqOoH2jY

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b92afc8171c8cdc19c7820918c158aa5.exe
    "C:\Users\Admin\AppData\Local\Temp\b92afc8171c8cdc19c7820918c158aa5.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2892
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Ynz..bat" > nul 2> nul
      2⤵
      • Deletes itself
      PID:2944

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Ynz..bat
    Filesize

    210B

    MD5

    82320a4e408bcafdecc4631b434ce85d

    SHA1

    da8862ded6e2dceea49c3eb36904cb785d61339d

    SHA256

    cbef9c81d9f1ce6a873f68c232c264e3e2158addf05f79acd6256c79c6fdcb0c

    SHA512

    43f2b94d01c8a34648bc9a0476bfa3650103f741c06330a04f5428590fcc0d672be5240171f15f50dcaab8f0333af26224fb9674c41cc69fc9e16c5bbe07068e

    Download Submit

  • memory/2892-2-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2892-1-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2892-0-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2892-3-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2892-5-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download