Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

c7b238b313...84.exe

windows7-x64

7

c7b238b313...84.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/03/2024, 04:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c7b238b313e58abff1e3c86ecfffe084.exe

  • Size

    1.1MB

  • MD5

    c7b238b313e58abff1e3c86ecfffe084

  • SHA1

    c37caaf5063176ed83c968f1cdbe4493c4a2ee9f

  • SHA256

    7e3cc1a0a7cbb171be733b3835d77dc0b1c8e6e2159b5e988b53752628f68282

  • SHA512

    1d72c03f43e39122e47e57817854387393bbe8c797819eab09f8992c6419a5ad08c00e1f5f5020fb100847878fe712a82aa47457011b7c3693dcb3d38ffbc263

  • SSDEEP

    24576:SypW9SgLNZaOdcTMuUvxIgAFOS2B6wl0zwkkX3+FpHcFPpgEjam1I0idjlQ:St9SgLNZa6xI3FdjzwkWWHcFPjrIl3Q

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c7b238b313e58abff1e3c86ecfffe084.exe
    "C:\Users\Admin\AppData\Local\Temp\c7b238b313e58abff1e3c86ecfffe084.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3528
    • C:\Users\Admin\AppData\Local\Temp\E407.tmp
      "C:\Users\Admin\AppData\Local\Temp\E407.tmp" --pingC:\Users\Admin\AppData\Local\Temp\c7b238b313e58abff1e3c86ecfffe084.exe 7EAC025E5B506DFDE59B4DFE16515FE043ABB7AE2EFA01199FD20738722C420EB06F452C61CEDCD7A991B72359F854BD2331A4CF27E9C1B9B2381817EFF85A4B
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2744
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1032 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:2532

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\E407.tmp
      Filesize

      1.1MB

      MD5

      7a138815d9b1cc8a3780ede0ae112dc9

      SHA1

      680197129eac9c14d6e8d0e08ba7a9717ffbd5b4

      SHA256

      c8a4ccb854b58f15b5fd9bc62284cf880791f2d222a6c0d6d3c400e0d222105f

      SHA512

      037b242ba57938611486aed8cd70e2c2a0ee152f4825026d1bd9720d745e9ff78055c0fb5a645e62ad106c0c0a42c1078417b6d5b1aaf837bc50423ec226d6d7

      Download Submit

    • memory/2744-7-0x0000000000DE0000-0x0000000000F25000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/3528-0-0x0000000002410000-0x0000000002460000-memory.dmp

      Filesize

      320KB

      Download

    • memory/3528-1-0x0000000000450000-0x0000000000595000-memory.dmp

      Filesize

      1.3MB

      Download