Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2f929139ce...f0.exe

windows7-x64

7

2f929139ce...f0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    136s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/04/2024, 20:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2f929139cea2679d31f402a5d362becdbae476be9d0049851bc5eb8b6664e2f0.exe

  • Size

    668KB

  • MD5

    aa92ad095229171fc1b4209798ff4d1c

  • SHA1

    3d1715c146d3b5d57f583eebb91a964242b7cc0d

  • SHA256

    2f929139cea2679d31f402a5d362becdbae476be9d0049851bc5eb8b6664e2f0

  • SHA512

    c815529b71762a9f3c95e577d602a0d39ae0e8aa640fac058e4f4be50104a5198c31679ad92263b9e367e71bb3c9a702850621da8e9bac9cc588515688237ec7

  • SSDEEP

    12288:UWBm+95nHfF2mgewFx5zPooWlU1kfgjdkAZgewF:UWBz95ndbgfx5LUgjTZgf

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2f929139cea2679d31f402a5d362becdbae476be9d0049851bc5eb8b6664e2f0.exe
    "C:\Users\Admin\AppData\Local\Temp\2f929139cea2679d31f402a5d362becdbae476be9d0049851bc5eb8b6664e2f0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4408
    • C:\Users\Admin\AppData\Local\Temp\5469.tmp
      "C:\Users\Admin\AppData\Local\Temp\5469.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2f929139cea2679d31f402a5d362becdbae476be9d0049851bc5eb8b6664e2f0.exe 0FE429058BCFF3014F39E2AE3A8420DDA0258D4000A50898CFCC718798C3DAFB4975BC1925DF992CD4C721797B819C4E6022D679B763D8FE12E023D43F100F27
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\5469.tmp
    Filesize

    668KB

    MD5

    a36175bc45d5f3a7d001ad789c2b4c99

    SHA1

    b4d0f081f7c88b5416a061e30d6eb40d7b7a753a

    SHA256

    ae50abb8b7fdcf2617525f45ea6dd6176deacafe93f80ca16b324c1816b29c21

    SHA512

    a48d2ffbfa5b7cd66b0fd2f4624256cdba63c83682555d051b55485fbd06f83d89b7bd9c755c694081d0a2661ae63e435d047782682227da4ee0735a707b2710

    Download Submit

  • memory/3520-5-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/3520-9-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/4408-0-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/4408-7-0x0000000000400000-0x00000000004B6000-memory.dmp

    Filesize

    728KB

    Download