Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

f1fafa93a5...f5.exe

windows7-x64

7

f1fafa93a5...f5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    17/04/2024, 06:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f1fafa93a5a2763ea73375aad3369bcb851b7301146dbe2b9f9949b22f7094f5.exe

  • Size

    433KB

  • MD5

    77cd23afe8b3662766709102f1f21a81

  • SHA1

    ba63e8df39bfa15112e8fe53ff28b0569dd11fb5

  • SHA256

    f1fafa93a5a2763ea73375aad3369bcb851b7301146dbe2b9f9949b22f7094f5

  • SHA512

    fbda7df3c76dcc658b034b812896cb8f2352762636828fdd361c2e516abce52bb5ddc0881b335020fadced4b7772c0dc3289ae494e062d73109b54e03c2fd4b3

  • SSDEEP

    12288:Ci4g+yU+0pAiv+8VwY8/JhCYlgRNQrtUmsgven:Ci4gXn0pD+yn4JhC2pr1Pu

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f1fafa93a5a2763ea73375aad3369bcb851b7301146dbe2b9f9949b22f7094f5.exe
    "C:\Users\Admin\AppData\Local\Temp\f1fafa93a5a2763ea73375aad3369bcb851b7301146dbe2b9f9949b22f7094f5.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1700
    • C:\Users\Admin\AppData\Local\Temp\BE3.tmp
      "C:\Users\Admin\AppData\Local\Temp\BE3.tmp" --helpC:\Users\Admin\AppData\Local\Temp\f1fafa93a5a2763ea73375aad3369bcb851b7301146dbe2b9f9949b22f7094f5.exe 5C479F17F404D30EC9322BA20537FE5128BD98C4460C225404077FA8932FA69089822995697C518E32AA2DA71289348793906481EF7974D2C7CD7AC140A39259
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\BE3.tmp
    Filesize

    433KB

    MD5

    4362536dae6fa3882b29eabe22b1f3be

    SHA1

    629a9c6bedd7d682d2857c6379d2abc857f42435

    SHA256

    9f22d9bc701165da8046938177ec6e4f8dd248a45fb565673f91f9ede50dccb7

    SHA512

    e1a5ad616993a1c59e185ce8e565431dbe0e72f6a002abcc7fcee40d8ebbcae5abecc25180683f865ef9314767b7ec3ad3d9c64b182c28f1f9cf89fe1ace7c48

    Download Submit