Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

d217f798e7...fe.exe

windows7-x64

7

d217f798e7...fe.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    09/04/2024, 20:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d217f798e79ee612cbdc11cef1723dfe.exe

  • Size

    320KB

  • MD5

    d217f798e79ee612cbdc11cef1723dfe

  • SHA1

    fff19d72fed7d1d421c1b0d4b6622fec25f81d86

  • SHA256

    245e2e8e3bcb9a3db37d8274bf567402475cb3d176596a509ee305fb1f9b0515

  • SHA512

    fd6dc5b80f0c21a9ad1ffb1e02f5ed5686a81e4b2676597c8bdc22c1f0f775e2a98313a12441c833b7b4a83c468e078f70797f0697b30d41b04f006bf42f90b5

  • SSDEEP

    6144:gIVq8LxO4M5pw1klL7nrUOdki9F6Er53BDu0W7cyqCxSngmMBqfycuPbUl0i5j:PjLxu5K1CDY1gZ53p80npM4dl0s

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d217f798e79ee612cbdc11cef1723dfe.exe
    "C:\Users\Admin\AppData\Local\Temp\d217f798e79ee612cbdc11cef1723dfe.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2012
    • C:\Users\Admin\AppData\Local\Temp\d217f798e79ee612cbdc11cef1723dfe.exe
      C:\Users\Admin\AppData\Local\Temp\d217f798e79ee612cbdc11cef1723dfe.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of UnmapMainImage
      PID:1980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\d217f798e79ee612cbdc11cef1723dfe.exe
    Filesize

    320KB

    MD5

    7752888433f4add657400a6102d7d232

    SHA1

    783d4f3eb6d8f24e0f766baf84e7502dc7890f2a

    SHA256

    0c2bc37ee39f33d79200b6355873ea2aff6f2fb62bdef654313616cafb3f4692

    SHA512

    026d7974d3fe29df7d6a7db56b59c0d108220bddc4f0807369935f64d206ff02e6ba73a7d9b2dcd3b816e76b2cc8fadb0133364d83faee261151cd85421ea28a

    Download Submit

  • memory/1980-9-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1980-11-0x00000000001C0000-0x00000000001FC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1980-10-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2012-0-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download