Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

b9accc6f47...87.exe

windows7-x64

7

b9accc6f47...87.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    07/03/2024, 21:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b9accc6f47c9af2b02b2d0e2baf27887.exe

  • Size

    165KB

  • MD5

    b9accc6f47c9af2b02b2d0e2baf27887

  • SHA1

    641f1f2b08dc2ccb18e9c1fd327ebe9d73a06de1

  • SHA256

    83a23e150f81237005b762cd1af1b3ae408f7042ea58166c5bcf4811d47e7be7

  • SHA512

    9636a98c2a516882f589066d2ab85ad9ae8d730c0bcd7671bb9e1d0dce40846866d648aa7837603fc13bbea1e4ae7ef125ebe27ac85bcde9dcd63f018b7c8d19

  • SSDEEP

    3072:fScOoXlUPJuPLIxkoSna0RNbANvQwEy91/V+tXnAaPdMgLvSZzYzUf9N:qu1URu0ernauNbo1eAaPdMBzZ

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b9accc6f47c9af2b02b2d0e2baf27887.exe
    "C:\Users\Admin\AppData\Local\Temp\b9accc6f47c9af2b02b2d0e2baf27887.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2396
    • C:\Users\Admin\AppData\Local\Temp\b9accc6f47c9af2b02b2d0e2baf27887.exe
      C:\Users\Admin\AppData\Local\Temp\b9accc6f47c9af2b02b2d0e2baf27887.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\b9accc6f47c9af2b02b2d0e2baf27887.exe
    Filesize

    165KB

    MD5

    25f392c9d31b08fcbd39d6af56da9e8c

    SHA1

    910a7c9e6c44993f52dee34b6b59cab2d59b4410

    SHA256

    27491f232fe1c49bd487b5234208139a6fa724a1cde6d52d4a6e5db1d00435c3

    SHA512

    0aee112cd0275478afd68eb356e02ee97f6a8cd8b6f5a30c1e4ff69f661d18818b6a339bf474ae7a4d86a8ce8704a1bae7970d91c31d8cc8d6b460335f2f0cca

    Download Submit

  • memory/1796-18-0x0000000000140000-0x000000000016F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1796-16-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1796-28-0x00000000001A0000-0x00000000001BB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1796-23-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2396-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2396-1-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2396-3-0x0000000000140000-0x000000000016F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2396-14-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download