Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

d5983ffd31...54.exe

windows7-x64

7

d5983ffd31...54.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    157s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/03/2024, 07:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d5983ffd31e11152cd8f23c658e85554.exe

  • Size

    1.9MB

  • MD5

    d5983ffd31e11152cd8f23c658e85554

  • SHA1

    80d23604807c4ffdbc53716bb96f06a88b428756

  • SHA256

    5c441155aebf7815bd3bc256974dbe4ef39f526dd3bcd1b2cc72844658b2a84a

  • SHA512

    ce3140eb324e26135e067e47a7f714ed8768afbe7fd7fd536ce1a24b2a767b14e8c575ac001840de96582ee822d13f85ca6c397ecde8b78d99448cf61b16bc2e

  • SSDEEP

    49152:Qoa1taC070dpMo0TnMwPRr+iRihMeMDv7:Qoa1taC0ojikhc7

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d5983ffd31e11152cd8f23c658e85554.exe
    "C:\Users\Admin\AppData\Local\Temp\d5983ffd31e11152cd8f23c658e85554.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3252
    • C:\Users\Admin\AppData\Local\Temp\1C2E.tmp
      "C:\Users\Admin\AppData\Local\Temp\1C2E.tmp" --splashC:\Users\Admin\AppData\Local\Temp\d5983ffd31e11152cd8f23c658e85554.exe 03B382FB025251CCCCB5C3E91F8745FA191C5580CF1E27004785EBE5A7709E3C48E5572E4F64A61C3505F8AB316ED2804320AD795EE7155F62A98923C331F5EB
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1700
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3932 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:2212

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\1C2E.tmp
      Filesize

      559KB

      MD5

      ad42155a4e808d53d344c0dc2bcb95b7

      SHA1

      90fd131afc2ef61b78abfa1ce3266efc7a3d0d3f

      SHA256

      d23f8f502282377d38ea6bd1c3baf9060a2b05393ac42c449a45954721ab1a44

      SHA512

      d17d6ae7aa5356dc84d74860c03d01847ef822f3f27b7766d5345c3d93682d2668b37d4f9aa73404adcb6db1eca7548ed59fde35aad222536f190f1a8f80c988

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\1C2E.tmp
      Filesize

      419KB

      MD5

      6fbb5c50b515ae4972c66afbc54f37e7

      SHA1

      fb046d32694f4abca0e68fba09a374d524540ee1

      SHA256

      213196c69e89c5f1d9bb7800579ebef1cc36a5c0d8fc43c350312e287cf2c24d

      SHA512

      fe1820233827187878d00fdf4a7af187139ff9346bdff252efd69b2a4ff35f2a4d22d55c4f874a34662349f8238c2d79df08d2cf770c1c66fbc5106d0af61539

      Download Submit

    • memory/1700-5-0x0000000000400000-0x00000000005E6000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/3252-0-0x0000000000400000-0x00000000005E6000-memory.dmp

      Filesize

      1.9MB

      Download