Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

cac48e366f...bc.exe

windows7-x64

7

cac48e366f...bc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    15/03/2024, 06:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cac48e366f35e168543cd72174bf79bc.exe

  • Size

    1.9MB

  • MD5

    cac48e366f35e168543cd72174bf79bc

  • SHA1

    8478ecc21e512cbe1da3cb437ef855c68ee1cc38

  • SHA256

    7e72406531d30863136bb376afe8026504a7651ced5f4643782e4ccaddc17719

  • SHA512

    42da4cecf681987b7c6b4b7ecae0c0ba181e581f97faf48a90a0611a799f730c10361208f9f457aa3b4ccccacac8871a6faa48054df58f5439fdd5ece96265fe

  • SSDEEP

    49152:Qoa1taC070dJDSlKITKZ8nG+RJwEbrlzEed:Qoa1taC0qSlDTKZ8nG+prlzEed

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cac48e366f35e168543cd72174bf79bc.exe
    "C:\Users\Admin\AppData\Local\Temp\cac48e366f35e168543cd72174bf79bc.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Users\Admin\AppData\Local\Temp\1027.tmp
      "C:\Users\Admin\AppData\Local\Temp\1027.tmp" --splashC:\Users\Admin\AppData\Local\Temp\cac48e366f35e168543cd72174bf79bc.exe 1E8827F83139DFD4A00B37C9D18DD93BF3DC8723F3C82C612ACD513D3F6DC7BA2E6757108FC8C35B0C6FBE8E7D0116E6E73EB8E1192C600B598A89F2ED954F3D
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1027.tmp
    Filesize

    1.9MB

    MD5

    e52618635178e9b4d6fb3105c9b853c4

    SHA1

    4733f2dc35851ec6a6343910a9a84a7ee5e33903

    SHA256

    7102876eea3f2ccbcf4914ab18f71e5a2957cf86b9eb829f8bfd2f7fbe0e8294

    SHA512

    11b636642bd1277a2236d7c9f69fe8f6c08f00bcd1553d431fb404f2d2808e12986cff6d6f160f2e6edfad4b96a98ab612939f0c9781051ef027ada3c05e550d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\1027.tmp
    Filesize

    664KB

    MD5

    e9e0309eb07ce118a1598522d23811aa

    SHA1

    9c6dd22d46a670c0b74129a2152e7664bc28c853

    SHA256

    4ef8a68ba5adbc6a3a987cbba880ac540330d7853ef7b9bc2f96397fed799dee

    SHA512

    380aa0446726eae31bc30aef01f146090fa07596a3574f64bc9afcd1dbf0e578bb90e3e747a377088babaa797a2dcf65c0d1af7831e8e11400a9d197d96fdba9

    Download Submit

  • memory/2232-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2328-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download