Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

de821d2514...2a.exe

windows7-x64

7

de821d2514...2a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    25/03/2024, 17:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    de821d2514c948fe04b2c6d47334012a.exe

  • Size

    717KB

  • MD5

    de821d2514c948fe04b2c6d47334012a

  • SHA1

    3eaf1268d686d6aa30000e6224c3467ac2e49ec6

  • SHA256

    b75a4fd5561af36e042ad8ff0065f21e89305bb2a8fb6d4b25d2158c4b3e0dad

  • SHA512

    f183e9ea5a9532e68a2132de6178e958aa1bb6705893e1053df22032e6e0ff11a02a4e9439813d0858a465e5685529938eb38511e2716e64a3ec942b2010626f

  • SSDEEP

    12288:mGwF8DRXgVPqaoXNoEixlbjDm+3z2AJLDl16ncmglhRvpwkFuK8dilJJYLKJw8a:7zXKqa8SEijjC+37li6hPHGirn28a

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\de821d2514c948fe04b2c6d47334012a.exe
    "C:\Users\Admin\AppData\Local\Temp\de821d2514c948fe04b2c6d47334012a.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2172
    • C:\Program Files (x86)\pxxlx\zo.exe
      "C:\Program Files (x86)\pxxlx\zo.exe"
      2⤵
      • Executes dropped EXE
      PID:1932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Program Files (x86)\pxxlx\zo.exe
    Filesize

    733KB

    MD5

    c447a6917c7d877a1d04784816575314

    SHA1

    2d602db73df6868ca11d0b114960e164cc77f87d

    SHA256

    6cf0d33f22893181970658435e277b0ed0b822661952842058348a0e691ebfaf

    SHA512

    ad66a1a6cf3d0f09e8e7c857b5071c47dad5667969838370e5260a53c492405bdf6ccfa04438c368f3ee2224f94dbd6bec4fd4c617f136e168525bec7629fd85

    Download Submit

  • memory/1932-6-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/1932-9-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/1932-10-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2172-0-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2172-1-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2172-8-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

    Download