Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

91f6aad406...ec.exe

windows7-x64

7

91f6aad406...ec.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/03/2024, 02:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    91f6aad406d70879075bde7a27e7b1bb2c137135c41c251a54afec395c21c7ec.exe

  • Size

    816KB

  • MD5

    b0a129a11802a5a1fbe66e6f6a9824de

  • SHA1

    b7b278ac6ac65de9691c3385bac11039e63888ba

  • SHA256

    91f6aad406d70879075bde7a27e7b1bb2c137135c41c251a54afec395c21c7ec

  • SHA512

    c9ca672c9f7877b41a6010b0d14448956e72037ac92d090373bf307b8e49936db59731ba426f121889f0b7d1afe4343b2aa603b787587b621c81620d1a45a5cb

  • SSDEEP

    24576:AY4G2qLMJalsnqShyoo77lUabuSvbDQOOdIxJsG9U:t3XZynV4oDabuWbDQOcIxJJ9U

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\91f6aad406d70879075bde7a27e7b1bb2c137135c41c251a54afec395c21c7ec.exe
    "C:\Users\Admin\AppData\Local\Temp\91f6aad406d70879075bde7a27e7b1bb2c137135c41c251a54afec395c21c7ec.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of WriteProcessMemory
    PID:1688
    • C:\Users\Admin\AppData\Local\Temp\1F0B0A0A120D156B155A15E0D0E160F0E160E.exe
      C:\Users\Admin\AppData\Local\Temp\1F0B0A0A120D156B155A15E0D0E160F0E160E.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:1980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1F0B0A0A120D156B155A15E0D0E160F0E160E.exe
    Filesize

    816KB

    MD5

    d0e4cfac49675650da15edc044bed4ca

    SHA1

    271ccbb8928628aeb454cdf77218770f912899d4

    SHA256

    3fe5b98c6909fb3bf8cac2bc3f31ea596d4d27ff82a40a9d1267acfb14ad20e8

    SHA512

    ea21f077a6d2b9d165241493f5699cc2d7f4f681bc17b205d628814ff432667e36e127168278ddd72c69c996a48317a98117688a02192c4ff0016d76f68a0e83

    Download Submit

  • memory/1688-0-0x0000000000400000-0x00000000005AD000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1688-2-0x0000000000400000-0x00000000005AD000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1688-9-0x0000000000400000-0x00000000005AD000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1980-8-0x0000000000400000-0x00000000005AD000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1980-11-0x0000000000400000-0x00000000005AD000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1980-12-0x0000000000400000-0x00000000005AD000-memory.dmp

    Filesize

    1.7MB

    Download