Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

ccb1dd3c90...e2.exe

windows7-x64

7

ccb1dd3c90...e2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    16/03/2024, 00:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ccb1dd3c90e01c26ce55ce1985eb0ee2.exe

  • Size

    1.9MB

  • MD5

    ccb1dd3c90e01c26ce55ce1985eb0ee2

  • SHA1

    75bdbd828131b188c799075df7954307a1e8ad3c

  • SHA256

    9feea16e7a15ac924eb5077d936a96c3c6b2ec3a973c16fb20102f9c7a1af0a2

  • SHA512

    235e950b9fa3cd25bd15c4613a03f964ef816df640e776ababd6e1747e5382e90939e008a41aeeddf332360b59e93051e8861e42028a5005de968f864c8849bd

  • SSDEEP

    49152:Qoa1taC070dcZ7IuvkDIOwNYp2QmDpW6Thskn:Qoa1taC0NZvkDIO2Yp2QGW6lskn

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ccb1dd3c90e01c26ce55ce1985eb0ee2.exe
    "C:\Users\Admin\AppData\Local\Temp\ccb1dd3c90e01c26ce55ce1985eb0ee2.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1708
    • C:\Users\Admin\AppData\Local\Temp\E34.tmp
      "C:\Users\Admin\AppData\Local\Temp\E34.tmp" --splashC:\Users\Admin\AppData\Local\Temp\ccb1dd3c90e01c26ce55ce1985eb0ee2.exe 9533FD2849458A19F1A46C2CFBA09B3A1622F4BD3F6C3B2FB38EDA710EFFD58788DA7ED3FEF8EC6A68D357A16EC7215C3F379A91DDBF721E881FCD95E0647F6B
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\E34.tmp
    Filesize

    1.9MB

    MD5

    50164d29da5a3a22434086d895374cde

    SHA1

    c011eb56bec5585b3e09bfbabe6551d711b1fee3

    SHA256

    ca86e9123180c21548ba8d88d22723778a90558ab72a6ce12d067f7fe0923dc6

    SHA512

    ea0069e9689d62fe5267a33c160b4946641ee4297cdb7a5434490bd0e6e0d39115d989c10c4d377ed4b0936996d857dd42908f752ecce0b42c13f628bc139d54

    Download Submit

  • memory/1708-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2100-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download