Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

beb60ab22c...ec.exe

windows7-x64

7

beb60ab22c...ec.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    133s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/05/2024, 02:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    beb60ab22c22a8fe1decfce2fd4a31522ee8b73dfd3a9aa2552ee6d56ba13cec.exe

  • Size

    566KB

  • MD5

    b374b0e64ff33a57b82e126cdd9d3be9

  • SHA1

    809ba05a7ad9726258ba56da026daf4e8f1fde02

  • SHA256

    beb60ab22c22a8fe1decfce2fd4a31522ee8b73dfd3a9aa2552ee6d56ba13cec

  • SHA512

    57ee7db02bda8fe9912afbe5403cc77ab4ec9834125ab36599bb98197472198752f704b851754bdd1c24322486bf662dc5548fb618264ce15287f194fd034d4c

  • SSDEEP

    12288:IWBm+95nHfF2mgewFm5aQ9QPlbYbwJc0Ef1kfgjdkA7YdfPgvF:IWBz95ndbgfm56PlYbwu0EwgjT7YdfY9

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\beb60ab22c22a8fe1decfce2fd4a31522ee8b73dfd3a9aa2552ee6d56ba13cec.exe
    "C:\Users\Admin\AppData\Local\Temp\beb60ab22c22a8fe1decfce2fd4a31522ee8b73dfd3a9aa2552ee6d56ba13cec.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3496
    • C:\Users\Admin\AppData\Local\Temp\39BD.tmp
      "C:\Users\Admin\AppData\Local\Temp\39BD.tmp" --pingC:\Users\Admin\AppData\Local\Temp\beb60ab22c22a8fe1decfce2fd4a31522ee8b73dfd3a9aa2552ee6d56ba13cec.exe 011C08067A107955F2D5225A3A447B0D9F7A8BEF26D9994ABAA299F4BB9CE442A012A1190F8C090C40D33EBE795AD9E48C809820B5C213F4EC4EC8DD77932434
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\39BD.tmp
    Filesize

    566KB

    MD5

    fcd278365522a502549f5eb17fee162a

    SHA1

    1e52ee58e82e463a8aa6724394404e99fdf9fac4

    SHA256

    77f548c006937d47adff6abdcbc6a4d1bfb67dca163b2bdf39a78883a8178632

    SHA512

    23e8651965265b2a0348eb48a8345c091fdc6ad045e1d5387703a75077d5c7cbb03974645bfcdd261b1c4029fc5aa32662885e4a58ba3c1002dff716d40091be

    Download Submit

  • memory/3496-0-0x0000000000400000-0x0000000000491000-memory.dmp

    Filesize

    580KB

    Download

  • memory/3496-5-0x0000000000400000-0x0000000000491000-memory.dmp

    Filesize

    580KB

    Download

  • memory/3708-6-0x0000000000400000-0x0000000000491000-memory.dmp

    Filesize

    580KB

    Download

  • memory/3708-7-0x0000000000400000-0x0000000000491000-memory.dmp

    Filesize

    580KB

    Download