Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

e1a4267c47...d1.exe

windows7-x64

7

e1a4267c47...d1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240319-en
  • resource tags

    arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
  • submitted
    27/03/2024, 12:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e1a4267c475a0a9a2c92e312246e93d1.exe

  • Size

    1.3MB

  • MD5

    e1a4267c475a0a9a2c92e312246e93d1

  • SHA1

    bb09a7693bc71f759a96659653e1db802e0699a7

  • SHA256

    b78d97bb58e7aa39565ebee84b814808482b97dc21926420d09c6ed2a2530303

  • SHA512

    3b7b9ebaa0659c6d8b1dacac2732673ce5acc9d0b4f5c03ef2f52b00faacc301455f21a36a0de873aaaa3f096bcbd3670b83be9037afe11e6ee623790a682d32

  • SSDEEP

    24576:tLpRbBEIZSWon/RxCroPZe0RcnRdbMfrnRmtmS0HxvG:rRbBEI2n5gAY0RcnbwfrRmy

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e1a4267c475a0a9a2c92e312246e93d1.exe
    "C:\Users\Admin\AppData\Local\Temp\e1a4267c475a0a9a2c92e312246e93d1.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2880
    • C:\Users\Admin\AppData\Local\Temp\e1a4267c475a0a9a2c92e312246e93d1.exe
      C:\Users\Admin\AppData\Local\Temp\e1a4267c475a0a9a2c92e312246e93d1.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\e1a4267c475a0a9a2c92e312246e93d1.exe
    Filesize

    1.3MB

    MD5

    3c0356ec7d1d9efadf998cafd05643a7

    SHA1

    a093a9a79a624266d2365fc4f6bc2ba7f5852843

    SHA256

    7f81050af264775360349aff8569ce541b9b2528cb81951674dfe2fa5f558fb6

    SHA512

    a047c65cd2564ffb666cc4cc3a28e577e0366c4fb9c0b582d060f55b0c3b9ae47487b497cd3f147408d4e76d33aa9ca4a6dd312018710cb21d69477c90c9d28a

    Download Submit

  • memory/2180-17-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2180-18-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2180-19-0x0000000001A60000-0x0000000001B72000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2180-26-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2880-0-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2880-1-0x0000000001A60000-0x0000000001B72000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2880-2-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2880-15-0x0000000000400000-0x00000000005F2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2880-14-0x00000000033F0000-0x000000000385A000-memory.dmp

    Filesize

    4.4MB

    Download