Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

50da484e58...6b.exe

windows7-x64

4

50da484e58...6b.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    122s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    26/05/2024, 16:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    50da484e58a0ab599a1327a1349ae9c8e335bdfb2ec4b5b197dc96a8b486576b.exe

  • Size

    10.5MB

  • MD5

    e44561ea93ea5e6ce33ef385a7e9a08a

  • SHA1

    2525468e49491029367333c6e9b2a61382c815af

  • SHA256

    50da484e58a0ab599a1327a1349ae9c8e335bdfb2ec4b5b197dc96a8b486576b

  • SHA512

    bbb6fa5373f436439f4180b32d21cfc98146b91638c57ac62ce04d6e4d7e78b96964985e684a487d50e6b0198eee25e3598b737b5fbf3f3e62b47f07200e8a45

  • SSDEEP

    196608:dCJBYlzkSIEc+waFvtCK4BbCSC3qzF1/goaSZzpBM:cUzkSU+FvV47Ccz/goa03

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\50da484e58a0ab599a1327a1349ae9c8e335bdfb2ec4b5b197dc96a8b486576b.exe
    "C:\Users\Admin\AppData\Local\Temp\50da484e58a0ab599a1327a1349ae9c8e335bdfb2ec4b5b197dc96a8b486576b.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2052
    • C:\Users\Admin\AppData\Local\Temp\2kmtqsvg.pdj\crashpad_handler.exe
      C:\Users\Admin\AppData\Local\Temp\2kmtqsvg.pdj\crashpad_handler.exe --no-rate-limit "--database=C:\Users\Admin\AppData\Local\Google\Play Games\CrashReporting\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Battlestar --annotation=ver=24.1.1687.0 --initial-client-data=0x404,0x408,0x40c,0x3d4,0x410,0x7fef0de52c8,0x7fef0de52d8,0x7fef0de52e8
      2⤵
      • Executes dropped EXE
      PID:2748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\2kmtqsvg.pdj\crashpad_handler.exe
    Filesize

    1.1MB

    MD5

    168e890d04cfee8b8420c90d1d229364

    SHA1

    442f93cb1272b93cc3073f8eeb0732a3c60bc5c9

    SHA256

    f37ed95b97a9c6d6d48c2675defaa53e68b487d271e78294d1af3a431ac25b91

    SHA512

    29d4d3d3a880c70c8c44ea1496f09f4ca1bcbe071dd81e8c700a53d070d8240d0d819a9fe356f175554075a089f6945d7f6390fb1dcf4a152c064a71df3fa48a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\2kmtqsvg.pdj\CrashReporting.dll
    Filesize

    961KB

    MD5

    7b3f74266ca7cc7329eac63f8368db65

    SHA1

    db49159afcdf3676d6a6bc791f8f7c26ceeeb145

    SHA256

    9335fe5ed02defb1395ab3e02926edbf90205c40d2e8bfb6247df102307ba557

    SHA512

    930c4f1eeba8b1daf62ea3a29458dbcdd58c30c924d4e5ed5dc16073fafa7a8e2887c2e9627f970d197f848637f58b8cca6bd298a066e78c5d8eab7e0995bbb1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\2kmtqsvg.pdj\recorder_delegate_lib.dll
    Filesize

    4.5MB

    MD5

    28f06bc35021d85a98539a035b2c9a71

    SHA1

    8d36ecb2b9e5270c1c5ac81bcd9bf858e9f61a8c

    SHA256

    231014af8dbc27ac20b222a00a2c3dfda4e0aa111fb710d7315b5b19e47a2f57

    SHA512

    cfec5eadc5cca9bc48006a80bca181ecf7949a2b9582ff5ca3ea577ec5892a10a8d4897fbc3e6eeb5b4a1b2de3d42d703cd2dae4c982668f93968e2de2e8599e

    Download Submit

  • memory/2052-13-0x0000000000750000-0x000000000075A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2052-20-0x000007FEF55C0000-0x000007FEF5FAC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2052-5-0x00000000001E0000-0x00000000001EA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2052-6-0x0000000000710000-0x0000000000732000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2052-7-0x000000001C110000-0x000000001C21E000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2052-8-0x0000000000200000-0x000000000020E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2052-9-0x0000000000730000-0x0000000000754000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2052-10-0x000000001B450000-0x000000001B4C8000-memory.dmp

    Filesize

    480KB

    Download

  • memory/2052-11-0x000000001C880000-0x000000001C908000-memory.dmp

    Filesize

    544KB

    Download

  • memory/2052-12-0x0000000000870000-0x0000000000878000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2052-14-0x0000000000750000-0x000000000075A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2052-0-0x000007FEF55C3000-0x000007FEF55C4000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2052-19-0x0000000002430000-0x0000000002438000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2052-4-0x00000000001D0000-0x00000000001DA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2052-3-0x000007FEF55C0000-0x000007FEF5FAC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2052-26-0x000007FEF55C0000-0x000007FEF5FAC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2052-2-0x000000001BC80000-0x000000001BD36000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2052-34-0x000007FEF55C0000-0x000007FEF5FAC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2052-35-0x000000001BBC0000-0x000000001BBE6000-memory.dmp

    Filesize

    152KB

    Download

  • memory/2052-1-0x0000000000D70000-0x0000000001020000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2052-38-0x000007FEF55C3000-0x000007FEF55C4000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2052-39-0x000007FEF55C0000-0x000007FEF5FAC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2052-40-0x0000000000750000-0x000000000075A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2052-41-0x0000000000750000-0x000000000075A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2052-42-0x000007FEF55C0000-0x000007FEF5FAC000-memory.dmp

    Filesize

    9.9MB

    Download