Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

145b389b94...8a.exe

windows7-x64

7

145b389b94...8a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    13/05/2024, 18:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a.exe

  • Size

    4.2MB

  • MD5

    29a6c9b3a26443f7a7d12457f0ffef7d

  • SHA1

    6b53187be7410a591aa090ecee0afddd96e1c52f

  • SHA256

    145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a

  • SHA512

    5c923b748d7a001b038e8ecfdfaa4a9a6eb804137b120bc7ffe0bc22d49c662713c4a06a9dc9e342f8f0024012711c5a1a1f91487bc32be8a60e859caca9f6d0

  • SSDEEP

    98304:Cmhd1UryeaAR7i3yVLUjH5oxFbxhVLUjH5oxFbx:Cl6sVUjZEdhVUjZEd

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a.exe
    "C:\Users\Admin\AppData\Local\Temp\145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2056
    • C:\Users\Admin\AppData\Local\Temp\22BD.tmp
      "C:\Users\Admin\AppData\Local\Temp\22BD.tmp" --splashC:\Users\Admin\AppData\Local\Temp\145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a.exe A77D828B4FA2E76A580FD72EBB856F3358593141BD664E9CFE5E67072912FDA7AA60E1D2C008775872CF461C79E63EBDA473AB7101F4BDE759C3FAC5296ED92B
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:620

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\22BD.tmp
    Filesize

    4.2MB

    MD5

    9c07e8df0bc109e62ec5ceef1354f363

    SHA1

    fec476d903fe57322c38b117993b67fbe9009813

    SHA256

    e9ad2e729903483ba1524fc4e8ab3db0c52925884ccae36e1f2104a5a8969fe5

    SHA512

    6e8f013468d0d5c7d119013e59c3d88624cd0f6ed9fe221de2420bc729f12972a8a59d64415a9a7f4a8c74965772d2583bca7101449b5499b031789e5dbe099d

    Download Submit

  • memory/620-9-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2056-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download