Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

d50c70f640...f3.exe

windows7-x64

7

d50c70f640...f3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/03/2024, 03:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d50c70f640c7bcce45131be09d6ee7f3.exe

  • Size

    744KB

  • MD5

    d50c70f640c7bcce45131be09d6ee7f3

  • SHA1

    507ac30eff4e1f1aeb8794bc96f846ca3c7d27af

  • SHA256

    467cfff8d80dd8c10e59807ada4a4e48409bbbd482364d10c9b93eef63061046

  • SHA512

    1b8abc90890966ede98e1c6e83bc7e523a3e2d45ee366b81e88e11f161ed5e21f3e12bbca2632908e2df29dbc0a2b7642104e9a012d68ce5ab057fa7471fea11

  • SSDEEP

    12288:uaHc64b888888888888W888888888889jscV7TdjL47zdU5imqsX3sv33rD+zG/d:F86IIW7uvmQBsHUezG/aYFkJR30F6rpM

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d50c70f640c7bcce45131be09d6ee7f3.exe
    "C:\Users\Admin\AppData\Local\Temp\d50c70f640c7bcce45131be09d6ee7f3.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3160
    • C:\Users\Admin\AppData\Local\Temp\is-G4V0P.tmp\d50c70f640c7bcce45131be09d6ee7f3.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-G4V0P.tmp\d50c70f640c7bcce45131be09d6ee7f3.tmp" /SL5="$C0042,371795,121344,C:\Users\Admin\AppData\Local\Temp\d50c70f640c7bcce45131be09d6ee7f3.exe"
      2⤵
      • Executes dropped EXE
      PID:956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-G4V0P.tmp\d50c70f640c7bcce45131be09d6ee7f3.tmp
    Filesize

    1.1MB

    MD5

    34acc2bdb45a9c436181426828c4cb49

    SHA1

    5adaa1ac822e6128b8d4b59a54d19901880452ae

    SHA256

    9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07

    SHA512

    134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb

    Download Submit

  • memory/956-6-0x0000000000740000-0x0000000000741000-memory.dmp

    Filesize

    4KB

    Download

  • memory/956-9-0x0000000000400000-0x000000000052E000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/956-12-0x0000000000740000-0x0000000000741000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3160-0-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/3160-2-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/3160-8-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download