Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

d3cd5e3d8b...32.exe

windows7-x64

7

d3cd5e3d8b...32.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    137s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/03/2024, 15:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d3cd5e3d8bfe2cd2518647c7c0580832.exe

  • Size

    1.9MB

  • MD5

    d3cd5e3d8bfe2cd2518647c7c0580832

  • SHA1

    e287324208f2ffbacc09717cb223d3167820bae2

  • SHA256

    574885fcc6edf9608a66844f820d34f310e89f5f9f6584d24604dddecabe114e

  • SHA512

    81021501db0f3a632b900961db64096e926738b42ff332fe5ba791d651bd2b8f050f72bf9a6878b1a94c00029cfe88b0857c44133bcfb06656875d6ee92ad1c1

  • SSDEEP

    49152:Qoa1taC070dKx7f1rfD0aNYfY8cTD8RbccNm:Qoa1taC0r17oaNYfjciAcNm

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d3cd5e3d8bfe2cd2518647c7c0580832.exe
    "C:\Users\Admin\AppData\Local\Temp\d3cd5e3d8bfe2cd2518647c7c0580832.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3248
    • C:\Users\Admin\AppData\Local\Temp\4611.tmp
      "C:\Users\Admin\AppData\Local\Temp\4611.tmp" --splashC:\Users\Admin\AppData\Local\Temp\d3cd5e3d8bfe2cd2518647c7c0580832.exe 5ABD232089821CBAED901E199DC111892333BA7BB33789774336E23B03BDB88B56C72FF74FC126F25A3DCF1E15E1AF328C0D73AEF31C8E215FCE2000B700D396
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4611.tmp
    Filesize

    1.9MB

    MD5

    8ad89a8c5085e1d2f60b82c212fad2b7

    SHA1

    87a419728dfc4f6bb6946686d64e598bea4f96a2

    SHA256

    0c75ae6e7685d94daeed7dffcce0f86961fcf484c9ac15d71997a755e449d0c2

    SHA512

    0847a3997d6ed0bf05fcce8cb5377f62d6718223ad888c737605f34aa512e2b5a6ca1f3c413feb26318db740f01f91f782c5f480c749a3c33728494198632aaf

    Download Submit

  • memory/464-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3248-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download