Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

4c95c9df5e...42.exe

windows7-x64

7

4c95c9df5e...42.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/04/2024, 21:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4c95c9df5e1a647e58a63ffe71d1208bda3b6176b10f1509977f609fc07d0842.exe

  • Size

    443KB

  • MD5

    7cda410ac0e04a28731a2bfc0581de52

  • SHA1

    60c61d9bbe800b34a85aa8779a8e55f9413358a8

  • SHA256

    4c95c9df5e1a647e58a63ffe71d1208bda3b6176b10f1509977f609fc07d0842

  • SHA512

    353f46f7f4b146e538e58aed7103dc300213157d18595a4af40281c713ae75c5f0182e6faac95532d2391a6c787aec42b3d2f877ca05b8d7c22c94718359b5a9

  • SSDEEP

    12288:Wq4w/ekieZgU6/1YId0Ydb+4mDiTqmWyC0+IlMa:Wq4w/ekieH6/Fd0YdWD8PJCDIP

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4c95c9df5e1a647e58a63ffe71d1208bda3b6176b10f1509977f609fc07d0842.exe
    "C:\Users\Admin\AppData\Local\Temp\4c95c9df5e1a647e58a63ffe71d1208bda3b6176b10f1509977f609fc07d0842.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1380
    • C:\Users\Admin\AppData\Local\Temp\4093.tmp
      "C:\Users\Admin\AppData\Local\Temp\4093.tmp" --helpC:\Users\Admin\AppData\Local\Temp\4c95c9df5e1a647e58a63ffe71d1208bda3b6176b10f1509977f609fc07d0842.exe 648F9C8B239965E60869851E36403FE98D3A4562CDBB9CCCA8294647127EEDC76A1CBBD2543D81282B9685FCFB4CAB1C45FD2F7B141C991F1401000B238F72D6
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4093.tmp
    Filesize

    443KB

    MD5

    7f418bbb055e5d10838bda5c75acc195

    SHA1

    670d5f7adb17387129c3c11f8ad7b9326d4904c5

    SHA256

    148b815fcfdd9a5075b9991483f1838541ab02ad554f3ac984ef5872154f8345

    SHA512

    93038e35da48a70bdae876f47ad9d88d9ad83748d16da7bd455c13359efe18b86b94388e70a8f4fd47a3dc08f021c43e113dcd6b2c3dd6fbd125221d86ed0606

    Download Submit