Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

4c95c9df5e...42.exe

windows7-x64

7

4c95c9df5e...42.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    22/04/2024, 21:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4c95c9df5e1a647e58a63ffe71d1208bda3b6176b10f1509977f609fc07d0842.exe

  • Size

    443KB

  • MD5

    7cda410ac0e04a28731a2bfc0581de52

  • SHA1

    60c61d9bbe800b34a85aa8779a8e55f9413358a8

  • SHA256

    4c95c9df5e1a647e58a63ffe71d1208bda3b6176b10f1509977f609fc07d0842

  • SHA512

    353f46f7f4b146e538e58aed7103dc300213157d18595a4af40281c713ae75c5f0182e6faac95532d2391a6c787aec42b3d2f877ca05b8d7c22c94718359b5a9

  • SSDEEP

    12288:Wq4w/ekieZgU6/1YId0Ydb+4mDiTqmWyC0+IlMa:Wq4w/ekieH6/Fd0YdWD8PJCDIP

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4c95c9df5e1a647e58a63ffe71d1208bda3b6176b10f1509977f609fc07d0842.exe
    "C:\Users\Admin\AppData\Local\Temp\4c95c9df5e1a647e58a63ffe71d1208bda3b6176b10f1509977f609fc07d0842.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1636
    • C:\Users\Admin\AppData\Local\Temp\164E.tmp
      "C:\Users\Admin\AppData\Local\Temp\164E.tmp" --helpC:\Users\Admin\AppData\Local\Temp\4c95c9df5e1a647e58a63ffe71d1208bda3b6176b10f1509977f609fc07d0842.exe 336614E8091C1C07FAF6C652D50ABAD537B67297DD25457988450CCABC2EA902F4CB5D2258BDE65A8C002EC7820FCC519737FC3311D4C568A6F0809A1C42C65E
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\164E.tmp
    Filesize

    443KB

    MD5

    4d570c1377b1563afea3a774fea24487

    SHA1

    af3725b811a87d19d7f54cf00879fbaed90242c0

    SHA256

    3b1f5f22f0c4e45ff3788af22c9552e9638450a242c52eb26075921fd627e396

    SHA512

    8d3e6c111239fa89f126bd36715ffc3f18b74ee38a622a3622f216e08b6ab74a0b04f3d1c5a41685b46c56c7a1a4959a503dc764e21e7c2784d294f962f88620

    Download Submit