Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

de60b093f6...f4.exe

windows7-x64

7

de60b093f6...f4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    25/03/2024, 15:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    de60b093f6130673be6003278e11b0f4.exe

  • Size

    116KB

  • MD5

    de60b093f6130673be6003278e11b0f4

  • SHA1

    28fbd69221d198d09ba23ae4586b6e0e4afbbe1f

  • SHA256

    3c485ed0fc7bbbb8daa32a7e041c9bc16cb2c03c79875e70dc660e1ffcc49a64

  • SHA512

    6a9626f6c04121dcc42ec8e85dcac1d1b60aab11ce3bf86d2d2c81ef04275c5fb9f14628a3f8626b281feb3154cdd63e90b7b36add91bb1fa11935bcca1b14b6

  • SSDEEP

    1536:e8MFN7qNlfNe+zLipk+JOmuvBGVa/TYareDRRdauTZ8yEnm+Ad4gricMsF:Cb7q71LzLikOupGVgeDsuTZAo4lsF

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\de60b093f6130673be6003278e11b0f4.exe
    "C:\Users\Admin\AppData\Local\Temp\de60b093f6130673be6003278e11b0f4.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2604
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Mqf..bat" > nul 2> nul
      2⤵
      • Deletes itself
      PID:2540

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Mqf..bat
    Filesize

    210B

    MD5

    68cc8482ae0b4a1539e40cfc8d5c3d25

    SHA1

    9e5b46430a4a53a762814a6685e92b3f058bd126

    SHA256

    e06690020370b7c115b3d7bbaccc25863e4012f8c6ccc3ac3a7561d9053ae900

    SHA512

    60aab0f4f1fee174ef80debcff14d15cfbfb11453a4c586ad9baf81d2c572b50cde34eb496d4d361994a546d77979519a7d497baaea0b13c6f8ce39ce9c8ff2b

    Download Submit

  • memory/2604-0-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2604-1-0x00000000001A0000-0x00000000001AC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2604-2-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2604-4-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download