Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

c5d79b4803...f0.exe

windows7-x64

7

c5d79b4803...f0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/05/2024, 02:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c5d79b4803250d99b98796026c568463d998076d210ebcaadf1288a4581f61f0.exe

  • Size

    67KB

  • MD5

    e7110189b78f247d316c620dd6f4feb7

  • SHA1

    199b2ca84362a3ec7ceb67142cf75aa8efb8d57e

  • SHA256

    c5d79b4803250d99b98796026c568463d998076d210ebcaadf1288a4581f61f0

  • SHA512

    41f9541c484bb56a97ae3a79f83ce96162f42961ed4680a8c45ab846335afb7f90ef194a8301db73344cca714b634361a8df0805f8c38eac158de9b8c60243ba

  • SSDEEP

    1536:/Ao0zj2d6rnJYulBJnDQEEa1EfBE+1EC1p1encpkt9+FrJECOaAesJaEsHTP9ETh:/AoAliulHnDQEEa1EfBE+1EC1p1encpk

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c5d79b4803250d99b98796026c568463d998076d210ebcaadf1288a4581f61f0.exe
    "C:\Users\Admin\AppData\Local\Temp\c5d79b4803250d99b98796026c568463d998076d210ebcaadf1288a4581f61f0.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4448
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:3732

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    67KB

    MD5

    ded1aa6ab9751361f2405353aeb75b43

    SHA1

    e0938f34e3d22b9567bda926d055fff2573f2555

    SHA256

    b4af8fa80c2fee78ea116226d4578e654fc11e7a0aa692835331b0c1107d792e

    SHA512

    c433615c12f63d86a2f8786607c09d9804345afeef0b29a529b110f23e20a53fa881a5b5a8ff62d67d51c365bf62e4e070730ff22421441b6c15c7583daef8f3

    Download Submit

  • memory/3732-5-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/4448-0-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download