Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

e14369c7d6...98.exe

windows7-x64

7

e14369c7d6...98.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    27/03/2024, 08:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e14369c7d679e6578635020624468c98.exe

  • Size

    1.9MB

  • MD5

    e14369c7d679e6578635020624468c98

  • SHA1

    a0a83b99e0669ae935100ad55315b67e68842b71

  • SHA256

    615d453611e92a205875ed431633a96104537e3b1b50a7d8e897d1e5dd04191d

  • SHA512

    4947647a620c23d08d0ac884c819aadf183bcfc7a071e924b95adb6948a15fce252565279963548f9acb27a8020d0be6699258c61cc8a0cc4127e509e82cf259

  • SSDEEP

    49152:Qoa1taC070dv8jhUnFvAElY0SFCnBDsEr+:Qoa1taC0RNu42Yt056

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e14369c7d679e6578635020624468c98.exe
    "C:\Users\Admin\AppData\Local\Temp\e14369c7d679e6578635020624468c98.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1288
    • C:\Users\Admin\AppData\Local\Temp\12D5.tmp
      "C:\Users\Admin\AppData\Local\Temp\12D5.tmp" --splashC:\Users\Admin\AppData\Local\Temp\e14369c7d679e6578635020624468c98.exe DAE5FEBC92CBFAD5603D25A4ABD5190A462B72DF37AC3872FF374B53700A377F61920F1625D68AB49ACD9563516AC038B10D1FECA4D20B8AFDDD2AA7D5471E19
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\12D5.tmp
    Filesize

    1.9MB

    MD5

    6228e4e3778e294dd6b39bf3666872b2

    SHA1

    c313c84f57f9170417a3039997f5226d0e9470c9

    SHA256

    92bdb9530fdead16e30e5cd7d8e45be6e0ef3b8d93819207cc49e7c7c461b5fc

    SHA512

    7121fb1202f16f3b3344fdfd592264200677b390df8d09e4cc6cdd5c324b1e43037847954f4ba43ccfd077e49b6174f1399d8312b74c65aad81641f0aa14c102

    Download Submit

  • memory/1288-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1748-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download