Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

db1246b73a...b6.exe

windows7-x64

7

db1246b73a...b6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/03/2024, 10:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    db1246b73a43950a9ab702ec62f5e11c7b99d32df8fc06de2a6270b4706b56b6.exe

  • Size

    816KB

  • MD5

    b839fc872ccde58809f3eb72d0c6960a

  • SHA1

    510d05a3b1024b8f172b672f8440df41b51be2a4

  • SHA256

    db1246b73a43950a9ab702ec62f5e11c7b99d32df8fc06de2a6270b4706b56b6

  • SHA512

    07177c4ee742c908c1a9304b323dd7e3b3a8e78cf1c82af5e50fbbbe3d29060ec1b721b97a15ec11860743e4957ae92f04e61b52de9a5fa35a33f980f6332fd0

  • SSDEEP

    24576:7Y4G2qLMJalsnqShyoo77lUabuSvbDQOOdIxJsG9g:U3XZynV4oDabuWbDQOcIxJJ9g

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\db1246b73a43950a9ab702ec62f5e11c7b99d32df8fc06de2a6270b4706b56b6.exe
    "C:\Users\Admin\AppData\Local\Temp\db1246b73a43950a9ab702ec62f5e11c7b99d32df8fc06de2a6270b4706b56b6.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of WriteProcessMemory
    PID:3632
    • C:\Users\Admin\AppData\Local\Temp\1B0C0F0C120A156E155C15A0D0E160E0A160A.exe
      C:\Users\Admin\AppData\Local\Temp\1B0C0F0C120A156E155C15A0D0E160E0A160A.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:3004
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4204 --field-trial-handle=2700,i,14629483171127516024,12350888228055326066,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1544

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\1B0C0F0C120A156E155C15A0D0E160E0A160A.exe
      Filesize

      816KB

      MD5

      1392896775f39cf9f1c7125802893bd4

      SHA1

      cd975be6088f970839327746da9a164185c26d2a

      SHA256

      e54e2186ec04949cdd654eafde6742618833267a5567f22d3b48dab9d44538ca

      SHA512

      942d944398ac2c101125eaad80cf340714f430ea66d3ffb949699e233fc3e7f7bebb30ad654b9cf8c83011b705267a7bc8898f28e103f1b0811c635ccf822b43

      Download Submit

    • memory/3004-11-0x0000000000400000-0x00000000005AD000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/3004-8-0x0000000000400000-0x00000000005AD000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/3004-12-0x0000000000400000-0x00000000005AD000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/3632-0-0x0000000000400000-0x00000000005AD000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/3632-1-0x0000000000400000-0x00000000005AD000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/3632-2-0x0000000000400000-0x00000000005AD000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/3632-10-0x0000000000400000-0x00000000005AD000-memory.dmp

      Filesize

      1.7MB

      Download