Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

5a87ff3480...e8.exe

windows7-x64

7

5a87ff3480...e8.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    08/03/2024, 19:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5a87ff3480de74e4817f6c94811c00c4adb1648ab58129183ccc30664a1195e8.exe

  • Size

    244KB

  • MD5

    2864ab43f3b20cf0eb1464c62781af8d

  • SHA1

    573d0f9c8dbb1c22aaf4e27c1d633b053b985980

  • SHA256

    5a87ff3480de74e4817f6c94811c00c4adb1648ab58129183ccc30664a1195e8

  • SHA512

    b437c214672cabb1e0219b568ccc4eca89c28c0641194ab66ffcf7f1fcc7a55e08c5e95f158461e779ffe2a9b51555c2942ab6604bc0edca72cb62022e042c91

  • SSDEEP

    3072:SvVQLIkLWeaA8KlCph9Prow2d77sap/y5n2QTA:UVbk6pNQOrmFlp/y5ng

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5a87ff3480de74e4817f6c94811c00c4adb1648ab58129183ccc30664a1195e8.exe
    "C:\Users\Admin\AppData\Local\Temp\5a87ff3480de74e4817f6c94811c00c4adb1648ab58129183ccc30664a1195e8.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2332
    • C:\Program Files (x86)\fab16b05\jusched.exe
      "C:\Program Files (x86)\fab16b05\jusched.exe"
      2⤵
      • Executes dropped EXE
      PID:2504

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\fab16b05\fab16b05
    Filesize

    17B

    MD5

    7bdf61d37c9adf3e1c6937107016091f

    SHA1

    56b8e0c454f9dd16d508a04b3afa7e458453ac41

    SHA256

    4c57d86c256214baa0a5a3322ef5cdd575210455b7e964ad60382bd9d4be12e0

    SHA512

    ff4fc1a427c84f47042375749f45ee6edea73b902ae977f14243ebceb7b9a28f41fe5dd404e3ea381754d9122202bc6b61ed0152b20a1c1be76c225dd20861d1

    Download Submit

  • \Program Files (x86)\fab16b05\jusched.exe
    Filesize

    244KB

    MD5

    507222e1ecef139c4d7492cb2d986915

    SHA1

    b865259ffbe437f79235dc846135faf2e52f3bf3

    SHA256

    f19030b3efc124e7dded3b5fd4d16019ab160e65e2f4db7d0847b1b48c226c61

    SHA512

    831514e842276472b20f4bced73ee948c336379d45db36d4cefb9d18652c010ee5d9c41f7830ba6da26a84264e041a9e48e16f3fca63bf4a519f041f813ced17

    Download Submit

  • memory/2332-0-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2332-7-0x0000000002670000-0x00000000026BC000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2332-13-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2504-14-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download