Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

cd347fee47...b1.exe

windows7-x64

7

cd347fee47...b1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/03/2024, 05:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cd347fee47fe96eea5a33d64ec43a3b1.exe

  • Size

    4.6MB

  • MD5

    cd347fee47fe96eea5a33d64ec43a3b1

  • SHA1

    6859ef908fe514368eb45fe1647629319dcb3614

  • SHA256

    1c0773db87b9231483d3c96f4cb37a85d7c731fcd1cd9903918ee06d59a3a261

  • SHA512

    2f8e084e927b9a5e3cb18db8ff8a683065b80662926edfedf97cb3e3c09aa3597b07bca447b6f5fbb043bd18239e601c8735e07e40396ffba62981bd2dc2f08e

  • SSDEEP

    49152:EQFRHrmQG+dQG+jG+SGhxQG+dQG+jG+SGhQmQG+Z9+jG+SGhxQG+dQG+jG+SGhQU:EcKeWeY9eY+09eG

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cd347fee47fe96eea5a33d64ec43a3b1.exe
    "C:\Users\Admin\AppData\Local\Temp\cd347fee47fe96eea5a33d64ec43a3b1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2528
    • C:\Users\Admin\AppData\Local\Temp\g.exe
      C:\Users\Admin\AppData\Local\Temp\g.exe -run C:\Users\Admin\AppData\Local\Temp\cd347fee47fe96eea5a33d64ec43a3b1.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:3528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\g.exe
    Filesize

    4.6MB

    MD5

    e80aa511a70ffde6d84956e7540cd36a

    SHA1

    6fb2431ec865430e2565c71e91f1552fa19a6975

    SHA256

    2eda4b8d8a5cacdd30127120f131d3474d013c50ed0be724c76eb54ad4adfc96

    SHA512

    7770a2cb4bff15005f261acae6c39f6b4b7c70cdf89f0d64648873b815b1aac43a2ea8df0a843c8754a7d48d46226506b482ad1a09b021567de3487847e1844c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\g.exe
    Filesize

    4.9MB

    MD5

    f30dac9b150b5587be6835de0172ddfd

    SHA1

    0fea615290beaf6faf90828d5cea79d8b9162bbe

    SHA256

    2672078b0cd1963da2886c85823b4d3049e0a0ae1e19d9093995f9eac3635cc6

    SHA512

    6b672e8a224a58ce917e487465e34844f4b7b40a933a800482f8e56ea696d2f20716d247ecbfa9e41fff17a189ae6a5c97e5ac31054ad8cc55ef89044d7b3db3

    Download Submit

  • memory/2528-0-0x0000000000400000-0x0000000000536000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2528-1-0x00000000022D0000-0x0000000002320000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2528-2-0x0000000002360000-0x0000000002361000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2528-3-0x0000000002350000-0x0000000002351000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2528-4-0x0000000002380000-0x0000000002381000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2528-7-0x0000000002370000-0x0000000002371000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2528-5-0x0000000002340000-0x0000000002341000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2528-8-0x00000000024C0000-0x00000000024C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2528-9-0x0000000002DA0000-0x0000000002DA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2528-10-0x0000000002390000-0x0000000002391000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2528-11-0x0000000002D90000-0x0000000002D92000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2528-12-0x0000000002560000-0x0000000002561000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2528-13-0x0000000002520000-0x0000000002521000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2528-14-0x0000000002510000-0x0000000002511000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2528-15-0x0000000002540000-0x0000000002541000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2528-16-0x0000000002500000-0x0000000002501000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2528-17-0x0000000002530000-0x0000000002531000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2528-18-0x0000000002570000-0x0000000002571000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2528-21-0x0000000002580000-0x0000000002581000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2528-27-0x00000000025F0000-0x00000000025F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2528-26-0x0000000000400000-0x0000000000536000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2528-25-0x00000000025C0000-0x00000000025C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2528-24-0x00000000025D0000-0x00000000025D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2528-22-0x0000000002610000-0x0000000002611000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2528-28-0x00000000022D0000-0x0000000002320000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2528-30-0x0000000002D80000-0x0000000002D86000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2528-29-0x00000000025B0000-0x00000000025B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-31-0x0000000002AC0000-0x0000000002AC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-32-0x0000000002AC0000-0x0000000002AC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-33-0x0000000003500000-0x0000000003501000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-34-0x0000000003960000-0x0000000003CE4000-memory.dmp

    Filesize

    3.5MB

    Download

  • memory/3528-36-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-37-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-38-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-39-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-40-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-42-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-43-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-41-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-44-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-45-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-46-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-47-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-48-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-49-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-52-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-51-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-50-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-53-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-54-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-55-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-56-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-57-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-58-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-59-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-60-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-61-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-62-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-63-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-64-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-65-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-66-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-67-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-68-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-69-0x0000000003960000-0x0000000003961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-153-0x0000000000400000-0x0000000000536000-memory.dmp

    Filesize

    1.2MB

    Download