Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

e2748ea17c...52.exe

windows7-x64

7

e2748ea17c...52.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    07/05/2024, 02:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e2748ea17c88d21377252925a8a4f69e4c3ac74002733a02125e63027f33f652.exe

  • Size

    194KB

  • MD5

    75620052eeaa55a9a52fe8008f4cee9b

  • SHA1

    96807a8c9d3660ede2387689f310634519e92449

  • SHA256

    e2748ea17c88d21377252925a8a4f69e4c3ac74002733a02125e63027f33f652

  • SHA512

    1c3e2ad803dbe5c79b52b443cd52cbc628a790893e9ab0e3bdfcf7eb648d2312bc9627150b3a36d20345407c47438318a021ae337fffc445082edad738169813

  • SSDEEP

    3072:b28gf8MEmvmIFonpvwSF2SjahDYI93iK7GgE3PZeJ6Zwy6:y8gEbm64W2SE93i8KBeJ6Z

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e2748ea17c88d21377252925a8a4f69e4c3ac74002733a02125e63027f33f652.exe
    "C:\Users\Admin\AppData\Local\Temp\e2748ea17c88d21377252925a8a4f69e4c3ac74002733a02125e63027f33f652.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:3048
    • C:\Users\Admin\AppData\Local\Temp\e2748ea17c88d21377252925a8a4f69e4c3ac74002733a02125e63027f33f652.exe
      C:\Users\Admin\AppData\Local\Temp\e2748ea17c88d21377252925a8a4f69e4c3ac74002733a02125e63027f33f652.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1448

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\e2748ea17c88d21377252925a8a4f69e4c3ac74002733a02125e63027f33f652.exe
    Filesize

    194KB

    MD5

    0d4c426a32b1349b4af193a1145a6cc9

    SHA1

    ded1af99d230e1cbef5dea53169392cfb7e8954c

    SHA256

    0fe48aadcf45d5d3c44fc719e8fe9083cca0e973495938844c431727113faf72

    SHA512

    9ee6b8d400cf8f59a141ad5e2cf4e16a09318b3343d3f35eea90e6d56b1becefd6a47a089acc9855097f797e1d53ca3ffaed0b1efb3c9bccd00e1c9ea958b2f7

    Download Submit

  • memory/1448-11-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1448-12-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1448-17-0x00000000002E0000-0x0000000000319000-memory.dmp

    Filesize

    228KB

    Download

  • memory/3048-0-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/3048-6-0x0000000000130000-0x0000000000169000-memory.dmp

    Filesize

    228KB

    Download

  • memory/3048-10-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download