Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

d0dad2c749...48.exe

windows7-x64

7

d0dad2c749...48.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    22/05/2024, 07:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d0dad2c74979a1cb3a0c4fe9435853698dfa1001992272622e624d6199b77f48.exe

  • Size

    2.4MB

  • MD5

    db08feef352cb81eb2a058b6660c2155

  • SHA1

    cf8768d3b7af310a92087f8045244ecfccd2729f

  • SHA256

    d0dad2c74979a1cb3a0c4fe9435853698dfa1001992272622e624d6199b77f48

  • SHA512

    00010029d2552d6fd910238f4e3d44cebdb563a47195d9aca3fae08baf7a358aaf1c6f14c84b4035a72d6e81188595da2e4bdb66f291d29f52143a9c922cd012

  • SSDEEP

    24576:jTTXB0woras9a/ZS7W+iniF+ujZXIMfX2av5SAODFDn:XT0rF9gMPiniXtXIMfX2wGBDn

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d0dad2c74979a1cb3a0c4fe9435853698dfa1001992272622e624d6199b77f48.exe
    "C:\Users\Admin\AppData\Local\Temp\d0dad2c74979a1cb3a0c4fe9435853698dfa1001992272622e624d6199b77f48.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2400
    • C:\Users\Admin\AppData\Local\Temp\d0dad2c74979a1cb3a0c4fe9435853698dfa1001992272622e624d6199b77f48.exe
      C:\Users\Admin\AppData\Local\Temp\d0dad2c74979a1cb3a0c4fe9435853698dfa1001992272622e624d6199b77f48.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:2728
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 144
        3⤵
        • Loads dropped DLL
        • Program crash
        PID:2580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\d0dad2c74979a1cb3a0c4fe9435853698dfa1001992272622e624d6199b77f48.exe
    Filesize

    2.4MB

    MD5

    ff3ac27e41797f8e3925c119f776711f

    SHA1

    1a435b4e39efe486ddc7027b039256d5d5861745

    SHA256

    ff7db98992151461d8a59149c2f3a17d692bbc2829cb3efd362681509b4b4642

    SHA512

    c4fb7b247ed01b9ce034f512670ab0be906e640e3f3a2e2493747fba0d6e23c7d04a34e4b0562ec491900b5c54aa7cf635414edea1365544b46f5eea5782cddf

    Download Submit

  • memory/2400-0-0x0000000000400000-0x00000000004F0000-memory.dmp

    Filesize

    960KB

    Download

  • memory/2400-6-0x0000000003380000-0x0000000003470000-memory.dmp

    Filesize

    960KB

    Download

  • memory/2400-10-0x0000000000400000-0x00000000004F0000-memory.dmp

    Filesize

    960KB

    Download

  • memory/2728-9-0x0000000000400000-0x00000000004F0000-memory.dmp

    Filesize

    960KB

    Download

  • memory/2728-11-0x0000000002EB0000-0x0000000002FA0000-memory.dmp

    Filesize

    960KB

    Download