Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

3

d63d397012...df.exe

windows7-x64

5

d63d397012...df.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    138s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/03/2024, 13:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d63d39701226a35e27f8c660ef5d8edf.exe

  • Size

    208KB

  • MD5

    d63d39701226a35e27f8c660ef5d8edf

  • SHA1

    c3533a33e888e9aff1ee976c5c6a6b782146a0f3

  • SHA256

    2d7fa8aaa8464fa8e33585a2ab47cfeddbdf2822baefb7cca61d33617879ee51

  • SHA512

    6841c7f951ca2e09dd8108f94d18bdb5bca9e55a273c019c89e4feff48013bf8d1fd5e3fb2518e3e8f3325f6bd8108b7d7d5f24e1ab8759d764406511a8059f9

  • SSDEEP

    3072:5qwCsowFS0bPwJa3rYtD6QaL0qixPbnz03lk/3eY0kUPxF29BepIUOaOdphRoWst:pbosS0bPwJAUtD6nKxbn9O/kU3YpLot

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3352
      • C:\Users\Admin\AppData\Local\Temp\d63d39701226a35e27f8c660ef5d8edf.exe
        "C:\Users\Admin\AppData\Local\Temp\d63d39701226a35e27f8c660ef5d8edf.exe"
        2⤵
        • Suspicious use of SetThreadContext
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1632
        • C:\Users\Admin\AppData\Local\Temp\d63d39701226a35e27f8c660ef5d8edf.exe
          C:\Users\Admin\AppData\Local\Temp\d63d39701226a35e27f8c660ef5d8edf.exe
          3⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2052

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1632-0-0x0000000000400000-0x00000000004D2000-memory.dmp

      Filesize

      840KB

      Download

    • memory/1632-1-0x0000000000400000-0x00000000004D2000-memory.dmp

      Filesize

      840KB

      Download

    • memory/1632-7-0x0000000000400000-0x00000000004D2000-memory.dmp

      Filesize

      840KB

      Download

    • memory/2052-4-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2052-6-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2052-8-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2052-9-0x0000000010000000-0x0000000010013000-memory.dmp

      Filesize

      76KB

      Download

    • memory/2052-15-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2052-16-0x0000000010000000-0x0000000010013000-memory.dmp

      Filesize

      76KB

      Download

    • memory/3352-10-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

      Filesize

      28KB

      Download

    • memory/3352-11-0x000000007FFD0000-0x000000007FFD1000-memory.dmp

      Filesize

      4KB

      Download