Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

ccb1dd3c90...e2.exe

windows7-x64

7

ccb1dd3c90...e2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/03/2024, 00:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ccb1dd3c90e01c26ce55ce1985eb0ee2.exe

  • Size

    1.9MB

  • MD5

    ccb1dd3c90e01c26ce55ce1985eb0ee2

  • SHA1

    75bdbd828131b188c799075df7954307a1e8ad3c

  • SHA256

    9feea16e7a15ac924eb5077d936a96c3c6b2ec3a973c16fb20102f9c7a1af0a2

  • SHA512

    235e950b9fa3cd25bd15c4613a03f964ef816df640e776ababd6e1747e5382e90939e008a41aeeddf332360b59e93051e8861e42028a5005de968f864c8849bd

  • SSDEEP

    49152:Qoa1taC070dcZ7IuvkDIOwNYp2QmDpW6Thskn:Qoa1taC0NZvkDIO2Yp2QGW6lskn

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ccb1dd3c90e01c26ce55ce1985eb0ee2.exe
    "C:\Users\Admin\AppData\Local\Temp\ccb1dd3c90e01c26ce55ce1985eb0ee2.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4796
    • C:\Users\Admin\AppData\Local\Temp\4575.tmp
      "C:\Users\Admin\AppData\Local\Temp\4575.tmp" --splashC:\Users\Admin\AppData\Local\Temp\ccb1dd3c90e01c26ce55ce1985eb0ee2.exe AF043B727FDF22BF0A691CB0EC84EF83B19FBEA2AF492B1B9B95CB7D5AC008D581357446E49A497DE9E2CCA7DEE8473F6BF711643477F76C50F007D309D2E176
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4575.tmp
    Filesize

    980KB

    MD5

    7435c3b24771f69e8125fec7cec0ef70

    SHA1

    8921ba6702fc768870236bf23ac1fc0bc14e647c

    SHA256

    c7696a4b7782b77ab83fadabcec32d905fdee2cdc59f580c63f47c9bbce06850

    SHA512

    698a16c1e2ff7d3f32bf1fadb6b54a798f06ad19dec698add8a1b119c3996cbcff9a5f43809051382fd01634e182fdc0a64b386395167a712413f8f550e094b6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\4575.tmp
    Filesize

    792KB

    MD5

    7ba27d90b681ded8966974e2052748d3

    SHA1

    c15ccd1c3134958438880b3d662dcccb8806c4e3

    SHA256

    3ec38bbeb9a4d171bd1e27c13b4362d562c0807669fb1bef8ef33447b730c467

    SHA512

    8f64f9589a1c14ffdc32d58147a34488246f141db99d5a753080e3e25b78adfdb28c783fbc679a1060d6308d2fa80dc9d415e71db46848fdbdfa6e9faf939515

    Download Submit

  • memory/4268-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4796-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download