Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

d5f714acef...41.exe

windows7-x64

7

d5f714acef...41.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    152s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/03/2024, 11:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d5f714acefb6b2382c97a4d4d914fe41.exe

  • Size

    1.6MB

  • MD5

    d5f714acefb6b2382c97a4d4d914fe41

  • SHA1

    a815b10ae1fbe59717f9514c2c2bb69760b79706

  • SHA256

    3a28bc4aec1ba0c0bab780725c75ccf9d501cab409582dcd11497410606382b8

  • SHA512

    e8d07e2e024beef73a399fd96f1ff56caf8215f1d59fd1baf1fc55caba21db00532ce8d857b1cd56234bfd89fd140b2064dd01aff1f004efc0bae48eff31d37c

  • SSDEEP

    49152:vlwUA8W2QelraEt2rxpn4MpAxfFKKbo3VEb0HKrQ26tMc:tA83lZrtW14bAtVY0HKrQ2O

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d5f714acefb6b2382c97a4d4d914fe41.exe
    "C:\Users\Admin\AppData\Local\Temp\d5f714acefb6b2382c97a4d4d914fe41.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1464
    • C:\Users\Admin\AppData\Local\Temp\d5f714acefb6b2382c97a4d4d914fe41.exe
      C:\Users\Admin\AppData\Local\Temp\d5f714acefb6b2382c97a4d4d914fe41.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\d5f714acefb6b2382c97a4d4d914fe41.exe
    Filesize

    1.6MB

    MD5

    1b7c4acfdd0462351ab4cb71a0b51ecb

    SHA1

    a8a74b0c218526bde92d9c7fe589c24d618c4ba1

    SHA256

    fee3cc65073949ad6c3865df51cfe5a4260eba2d54a05cdb9d18fbbda9b58ff4

    SHA512

    7465a7e92c6d8c78b8cc5d5aa45089d36494cd8752d533c3750ae1305521312f8265f0bec4e7b8d33ee197713ca3f335d43ae8a599fb21242217bc0f8c73e9f6

    Download Submit

  • memory/1464-0-0x0000000000400000-0x0000000000877000-memory.dmp

    Filesize

    4.5MB

    Download

  • memory/1464-2-0x0000000001EA0000-0x0000000002317000-memory.dmp

    Filesize

    4.5MB

    Download

  • memory/1464-1-0x0000000000400000-0x000000000064D000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/1464-11-0x0000000000400000-0x000000000064D000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2892-13-0x0000000000400000-0x0000000000877000-memory.dmp

    Filesize

    4.5MB

    Download

  • memory/2892-14-0x0000000001E00000-0x0000000002277000-memory.dmp

    Filesize

    4.5MB

    Download

  • memory/2892-15-0x0000000000400000-0x000000000064D000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2892-20-0x0000000005AD0000-0x0000000005D1D000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2892-21-0x0000000000400000-0x0000000000640000-memory.dmp

    Filesize

    2.2MB

    Download