Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

de18205d81...00.exe

windows7-x64

7

de18205d81...00.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/03/2024, 13:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    de18205d811fcbe6158e492e1e76cc00.exe

  • Size

    2.9MB

  • MD5

    de18205d811fcbe6158e492e1e76cc00

  • SHA1

    2e3711e2f3be38a6e2e7d552eab15f1b370f0c06

  • SHA256

    0c223a04a3eeb288383eeed66e45421adc6e0537eed7acb6e5d9468b2647b2a8

  • SHA512

    e5bb3e5d007792065c9a2fe7e705ba665e44ac7d30b143966022aa52296f906c647a9def2693a632c41afedf827b71cd5a30b8c4fc83ced55db2b9c656984c06

  • SSDEEP

    49152:lICmgFsYbAUOKRGcx23Bn3jBSiD3a9Eh8jmq9s8VAB+PeB6tbKiw8Vdb6X:lICm/YbAKRGcx23Llh8jNtlmYt+4o

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\de18205d811fcbe6158e492e1e76cc00.exe
    "C:\Users\Admin\AppData\Local\Temp\de18205d811fcbe6158e492e1e76cc00.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2676
    • C:\Users\Admin\AppData\Local\Temp\de18205d811fcbe6158e492e1e76cc00.exe
      C:\Users\Admin\AppData\Local\Temp\de18205d811fcbe6158e492e1e76cc00.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:5012
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3956 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:2468

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\de18205d811fcbe6158e492e1e76cc00.exe
      Filesize

      1.3MB

      MD5

      ed869a677f64ae7cc67cdaab644a72fa

      SHA1

      d36941dc89a9fe32b32d3ba41bfa53c85553a468

      SHA256

      61370a7b2b29751c02000c05fef7f11006ac252ad5b82bc2df3387a3b8c7e742

      SHA512

      950122d42262d273f8de82860c4358ed961a33b1da33eb5bd06fe6e16974145214dc418a2ce1b6cca279a38ca790b550b753635e1cc00988a7fdfc158d6b925b

      Download Submit

    • memory/2676-0-0x0000000000400000-0x00000000008EF000-memory.dmp

      Filesize

      4.9MB

      Download

    • memory/2676-1-0x0000000001CD0000-0x0000000001E03000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2676-2-0x0000000000400000-0x000000000062A000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/2676-12-0x0000000000400000-0x000000000062A000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/5012-13-0x0000000000400000-0x00000000008EF000-memory.dmp

      Filesize

      4.9MB

      Download

    • memory/5012-14-0x0000000001D10000-0x0000000001E43000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/5012-15-0x0000000000400000-0x000000000062A000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/5012-20-0x0000000005610000-0x000000000583A000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/5012-21-0x0000000000400000-0x000000000061D000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/5012-27-0x0000000000400000-0x00000000008EF000-memory.dmp

      Filesize

      4.9MB

      Download