Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

0d2117832c...c0.exe

windows7-x64

7

0d2117832c...c0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240319-en
  • resource tags

    arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
  • submitted
    18/04/2024, 18:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0d2117832c15798fa0e95ae5ced1c0125141a96fe077e7bc1fa0076584531fc0.exe

  • Size

    384KB

  • MD5

    a82f3e70e6fa2ff6a65e3e769a4ba5d1

  • SHA1

    72823c9c7909c695502dd97fe5914aa662724e42

  • SHA256

    0d2117832c15798fa0e95ae5ced1c0125141a96fe077e7bc1fa0076584531fc0

  • SHA512

    35798ed5d8ac7154668084e6fcf0f0332db7adaf52b9c29bb57a7a9aacf1c7d64f77b69f2e93f6649f26b00f8ff626368337b2dd32829839a32afcea9ecd6489

  • SSDEEP

    12288:mW48zimFGydh7h201jVj0gh6XFRbf0ez0npM4dl0v5Jz:v48zBGIh201Cgh6XFRbf0ezEM4dmv5p

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0d2117832c15798fa0e95ae5ced1c0125141a96fe077e7bc1fa0076584531fc0.exe
    "C:\Users\Admin\AppData\Local\Temp\0d2117832c15798fa0e95ae5ced1c0125141a96fe077e7bc1fa0076584531fc0.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2524
    • C:\Users\Admin\AppData\Local\Temp\0d2117832c15798fa0e95ae5ced1c0125141a96fe077e7bc1fa0076584531fc0.exe
      C:\Users\Admin\AppData\Local\Temp\0d2117832c15798fa0e95ae5ced1c0125141a96fe077e7bc1fa0076584531fc0.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of UnmapMainImage
      PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\0d2117832c15798fa0e95ae5ced1c0125141a96fe077e7bc1fa0076584531fc0.exe
    Filesize

    384KB

    MD5

    5d8c9128944060ca7354bd65a35c7428

    SHA1

    351cc02f8b0f9df40aaacecd38cabfd5cd08a39b

    SHA256

    ca482257cc4d075a03544d3c980faca5d19a2e9ff7602dfee4a5e1b98f6323df

    SHA512

    00394f4ab185854a6d9d1dc05f2f74bae986cf13eb3373410603da958e4e6fb50ae72a222d5e591b1d16d90adb0ed7db1bb3b21016cefa467241574cdf892d81

    Download Submit

  • memory/2208-11-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2208-13-0x0000000000390000-0x00000000003D0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2208-12-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2524-0-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2524-8-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2524-9-0x0000000000160000-0x00000000001A0000-memory.dmp

    Filesize

    256KB

    Download