Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    29/04/2024, 21:39

General

  • Target

    5514d172f9de092b9a43a3c71e63847a25b354c474a8d5c29774a8d5762be461.exe

  • Size

    92KB

  • MD5

    22a74e7b1caa9821c3f3831b1d007b89

  • SHA1

    0f285cb884fd3a3fcdc417d736ec5a1423f3484f

  • SHA256

    5514d172f9de092b9a43a3c71e63847a25b354c474a8d5c29774a8d5762be461

  • SHA512

    29835d2013a503e4c1c92e8fe978d3a47b64ac80e300a0476c2da196eb9dd6a6ca77678a4103f2e108bc2ac997802f0ddde87fd3f119fabe744105690fe6a98d

  • SSDEEP

    1536:0MA7W59lPYpBCvXkd/DKO7FcwY2fL9C4zxcSsxA4:tu0DYpBXDKO7FDYuL9C4Ix/

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5514d172f9de092b9a43a3c71e63847a25b354c474a8d5c29774a8d5762be461.exe
    "C:\Users\Admin\AppData\Local\Temp\5514d172f9de092b9a43a3c71e63847a25b354c474a8d5c29774a8d5762be461.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2856
    • C:\Users\Admin\AppData\Local\Temp\olacweegim.exe
      C:\Users\Admin\AppData\Local\Temp\olacweegim.exe
      2⤵
      • Executes dropped EXE
      PID:2872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\olacweegim.exe

    Filesize

    92KB

    MD5

    f8fe1c7f42e6d0582f0644a13725b858

    SHA1

    14a2432c300e5e495b77e50672b73be3dd0a2ae1

    SHA256

    0e22f15db3ad23aa97d33daceb7cdf08b08ef9c132888fb814d2e653ca4dadc7

    SHA512

    9e3699d6c5089f2779ae43cc4a04ee413ef2ad3f0b8a50e800341ebae939ec2a41b7feb5a13d83338888419b822315f2623b48d3861f7f3f65cb637fa10ccfd1

  • memory/2856-2-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

  • memory/2856-6-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

  • memory/2872-8-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB