Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

25c2122193...96.exe

windows7-x64

7

25c2122193...96.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/05/2024, 21:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    25c21221931f23fa6d3e701b01e771db75451a8b2f11f5376d72d5ee5c25e396.exe

  • Size

    5.4MB

  • MD5

    412aca1f8a9d5b2134672c7066ab83ba

  • SHA1

    455db12b2aad0556c24154e106dc0cc10a2866ef

  • SHA256

    25c21221931f23fa6d3e701b01e771db75451a8b2f11f5376d72d5ee5c25e396

  • SHA512

    01a3452799a9d25af8e7917e9d7e7d20523c514d5eba685329bc9007edda06bab2c48ed9568a9ae25f7e46987168d5ece3dec843f44a92c4f8f5321a3e2a91cd

  • SSDEEP

    98304:emhd1UryeqwQyLk7Y7OJTScMe8V7wQqZUha5jtSyZIUh:el9QyorF82QbaZtliU

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\25c21221931f23fa6d3e701b01e771db75451a8b2f11f5376d72d5ee5c25e396.exe
    "C:\Users\Admin\AppData\Local\Temp\25c21221931f23fa6d3e701b01e771db75451a8b2f11f5376d72d5ee5c25e396.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2404
    • C:\Users\Admin\AppData\Local\Temp\43CF.tmp
      "C:\Users\Admin\AppData\Local\Temp\43CF.tmp" --splashC:\Users\Admin\AppData\Local\Temp\25c21221931f23fa6d3e701b01e771db75451a8b2f11f5376d72d5ee5c25e396.exe 1EBEDCC14294DC098F84F6ABA061DB6671DFB97A83F1D3955F308BEE89146BCC5D12B90407A0D8A38902659B769DE0CABC2513C5C93E3C7E25F39DECF90D3228
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\43CF.tmp
    Filesize

    5.4MB

    MD5

    a2f76a04ae56cbbabfaf38e352271ae3

    SHA1

    c2c5b13da4ec86b05c40b9ac6f6338edfcfa707f

    SHA256

    85bc293f4786fec72e31fdea0eb9bf9510e95ba14e0afb398c9f3fe046bfd55c

    SHA512

    801017f512d850845e3be256980496f3775f60ffd205c8e145787737d8c4618a3f2bd5f767651e98bb02ea8f413ae68097c45ca054f2228b2b6e6db8ad3fc273

    Download Submit

  • memory/2404-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/3756-5-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download