Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

909d4ea0d3...b6.exe

windows7-x64

7

909d4ea0d3...b6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    168s
  • max time network
    180s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/03/2024, 22:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    909d4ea0d35b7f78f6b01ec71197d2043405960eae13498bc4f029936a75e1b6.exe

  • Size

    94KB

  • MD5

    bf3ed8613aa1f81316fb516c0bfe2fe5

  • SHA1

    e5d829d2fca465db0cf96ed879aa3b9955c9d1c1

  • SHA256

    909d4ea0d35b7f78f6b01ec71197d2043405960eae13498bc4f029936a75e1b6

  • SHA512

    1e942cc9f8107a98b16f554e8da5c5f6732411bea2b8eac7bd9f8962b64e6c97829f0bbac192726bfc3f7753418b9e33f7f35da97c4217bcaf52793237e574f7

  • SSDEEP

    1536:Sdyql1M7wIIEuti7rEYivykYkpaWj0OlgG7mJAm/lGb3clsH:SdV1Z1i3QKqlgGCJr/lAH

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\909d4ea0d35b7f78f6b01ec71197d2043405960eae13498bc4f029936a75e1b6.exe
    "C:\Users\Admin\AppData\Local\Temp\909d4ea0d35b7f78f6b01ec71197d2043405960eae13498bc4f029936a75e1b6.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:3896
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\_del.bat
      2⤵
        PID:2052
    • C:\Windows\SysWOW64\sppsrv.exe
      C:\Windows\SysWOW64\sppsrv.exe
      1⤵
      • Executes dropped EXE
      PID:2416

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\_del.bat
      Filesize

      294B

      MD5

      d8574e18218b262fa731397474b5e4e1

      SHA1

      48ba99ab79a884ffd6fc2b6a3bd8cbdfdd260247

      SHA256

      7a4fbd296ea93fdb713787c3583285a6d621cdd0d5fbc720069b9028f01f9659

      SHA512

      133674179ba050fe00cd23ea5e236daf6bfa2e6247b39b5ada2e3c1aa78ba85d011debb61622f89a9436ded45028ab5e0f0a01ef7ef70533cb4410e04bfe86bb

      Download Submit

    • C:\Windows\SysWOW64\sppsrv.exe
      Filesize

      94KB

      MD5

      a6a49c876c5fe6a8d67a5eed6ca22865

      SHA1

      783beec54a1a0e308f615a7565929a1bf3feccd7

      SHA256

      1707b6c8cc8df9e179e1ada0aefce6a1796d2f58797d64409b47a01dfe5001ab

      SHA512

      9e019bf9fb4cda9068eb0a7bd741ef37c65f3b2980dc9788c423989046446f9960f6434f5d6f57442bdf4c7a00861f9d4026efdbdf55b2643511f6c1df2a270a

      Download Submit

    • C:\Windows\SysWOW64\xpwunp.dat
      Filesize

      740B

      MD5

      3ac0a2466b2c5293d428f31e81520d2e

      SHA1

      d319e8de4ae3dc3cfe21da8428d4ed28c09e5a45

      SHA256

      5e98d1fde270050d149d2d1c7cd2240d5afc887471e7725ab0ebd394033fae37

      SHA512

      913fe5dbe4b1cbcc03be436c59f8170ba65dbe5e71f0515f0818b1822bc9937fd37d766ac388863a8baf8a544efc355d65b9e9085b2a9f64c07f000aa1b982ec

      Download Submit