Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

c422181318...e2.exe

windows7-x64

7

c422181318...e2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    12/03/2024, 19:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c422181318394d0453378765d2f652e2.exe

  • Size

    82KB

  • MD5

    c422181318394d0453378765d2f652e2

  • SHA1

    558b0b619e6618d704177b3e784cce5deb28f554

  • SHA256

    6e9a1d32587cdee9fa61b1f7404f626c457b88cc1d670bbc8c6d4dd53747835b

  • SHA512

    c7cbd5263f78fc299fa9c9a3ebab172c61561334c3ef435e91a7894ce1f77bc977e4ae13fef0c7e9eac82833bb569438f3fe4ae009b1a52d8df9d7e81b82e8c8

  • SSDEEP

    1536:ESQoWVaqZ83r/lP2rxgLpgo6mZ4geBW987tjxm6twYotaDShpYfq:APV1Z83r/VLYmZ4g987RNnWhifq

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c422181318394d0453378765d2f652e2.exe
    "C:\Users\Admin\AppData\Local\Temp\c422181318394d0453378765d2f652e2.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1660
    • C:\Users\Admin\AppData\Local\Temp\c422181318394d0453378765d2f652e2.exe
      C:\Users\Admin\AppData\Local\Temp\c422181318394d0453378765d2f652e2.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\c422181318394d0453378765d2f652e2.exe
    Filesize

    82KB

    MD5

    20b6a63d4474983ae009dc1babd33dcb

    SHA1

    ce3a5bc61c5ee4b7bf9c10af673f45af83925189

    SHA256

    934818973fc8ab6fd975f89d64859982247aeca4ba98732260469d6438e399d1

    SHA512

    1687525f530455cf9f3180075d8fbd394e2dd2020daacc7a73830344f869762dc33b2b6c9e0001af6642d350102cdb5b91c6350d333c6cef55161cdbab65ac71

    Download Submit

  • memory/1368-18-0x00000000001D0000-0x00000000001FF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1368-23-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1368-24-0x0000000000330000-0x000000000034B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1660-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1660-2-0x0000000000160000-0x000000000018F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1660-1-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1660-15-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1660-12-0x0000000000310000-0x000000000033F000-memory.dmp

    Filesize

    188KB

    Download