Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

bc06b185b2...06.exe

windows7-x64

7

bc06b185b2...06.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/03/2024, 14:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bc06b185b2ebe77da0eceefabb34e406.exe

  • Size

    1.6MB

  • MD5

    bc06b185b2ebe77da0eceefabb34e406

  • SHA1

    1548f7b54492dd35d6dd8ab8fb772fc8ff837cb8

  • SHA256

    7315f7c2f5aa05465579cf75721ed2eb6a4537ae0bcbefd3955487be9c3dde9b

  • SHA512

    c63768a60de07b0ff50d02b751493a76970ffe4e3f4a28e369d77e6844bd684281dbc17acdeded4fd2ac2c992d8ea5ab51fa4f52b9a065bfe0a951d4912c83da

  • SSDEEP

    24576:n4sz1a4PlLjOZjzeU1LHR0V9q9GNdHT231mfmK3zKq96BfQpV4QKSvEvkMY0gYGY:FPXOJzeaHqV9eGzzjXp7JsT26tMc

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bc06b185b2ebe77da0eceefabb34e406.exe
    "C:\Users\Admin\AppData\Local\Temp\bc06b185b2ebe77da0eceefabb34e406.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1780
    • C:\Users\Admin\AppData\Local\Temp\bc06b185b2ebe77da0eceefabb34e406.exe
      C:\Users\Admin\AppData\Local\Temp\bc06b185b2ebe77da0eceefabb34e406.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\bc06b185b2ebe77da0eceefabb34e406.exe
    Filesize

    1.6MB

    MD5

    2bd65d86c6067904e3773d0f3849597e

    SHA1

    da8291dfb8cf3f73e8c062cd65f310792188deeb

    SHA256

    ed2934cc72d16e77718db96f9ee9a1b99703ee53a665e67452ca1323dd3a4e54

    SHA512

    51f13779dc9c144c72cfc6fea3943d8b5d73bbd63d3d71f42901c87c936a2955b9fa5d114b52a0818997b623d217a1085ea6b7d72619faa9f384ecbf9c68a42d

    Download Submit

  • memory/1420-13-0x0000000000400000-0x0000000000877000-memory.dmp

    Filesize

    4.5MB

    Download

  • memory/1420-14-0x0000000000400000-0x000000000064D000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/1420-19-0x0000000005930000-0x0000000005B7D000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/1420-20-0x0000000000400000-0x0000000000640000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1780-0-0x0000000000400000-0x0000000000877000-memory.dmp

    Filesize

    4.5MB

    Download

  • memory/1780-1-0x0000000001D70000-0x00000000021E7000-memory.dmp

    Filesize

    4.5MB

    Download

  • memory/1780-2-0x0000000000400000-0x000000000064D000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/1780-11-0x0000000000400000-0x000000000064D000-memory.dmp

    Filesize

    2.3MB

    Download