Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

d4f018848d...18.exe

windows7-x64

7

d4f018848d...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    19/03/2024, 02:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d4f018848d0649e7532fdc225ba35218.exe

  • Size

    650KB

  • MD5

    d4f018848d0649e7532fdc225ba35218

  • SHA1

    e585b5193b26dcd98460f20a5b02349171ee0403

  • SHA256

    ac47433161da74e7b625bfb51583891bbb15e3f1d3b9903c28101689835dd467

  • SHA512

    1245b4c678260cf5d7b18436ef1bc184c15375ef36968e879898dd0b49fa3ff7a4de5776f024b20049aaf0190a09f8ad827b73f0a365b67d2d791ce54a2d0d5d

  • SSDEEP

    12288:MLry/neyx7f/A64j7P+tixhT8n3qBmc1YkVYcrKZnfJPRZINZN:qKeyxTAJj7P+yW6mc1YgeZfZRZIDN

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d4f018848d0649e7532fdc225ba35218.exe
    "C:\Users\Admin\AppData\Local\Temp\d4f018848d0649e7532fdc225ba35218.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\Program Files (x86)\oulsqtrckg\r.exe
      "C:\Program Files (x86)\oulsqtrckg\r.exe"
      2⤵
      • Executes dropped EXE
      PID:2216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\oulsqtrckg\r.exe
    Filesize

    673KB

    MD5

    a2aee37a3523bb94a7abcb0e0d10d639

    SHA1

    b23fb2a79306b1f9f2b8ccac53e891d76cb2b9fd

    SHA256

    d049fed6031f981cd256def27f7e43e28a5af9a089e59d07de5cb7489cdfb023

    SHA512

    fd73e369eed19c755af5933649db676f675415d8ad375400aa5794ed244e4ab72b13ac7ea82c4c99d43bb5dad5af28be40e025b14574f04beb2144d326a54846

    Download Submit

  • memory/1736-0-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/1736-1-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/1736-7-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2216-9-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2216-8-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download