Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

3

3fbb7b62a3...a3.exe

windows7-x64

4

3fbb7b62a3...a3.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    31/05/2024, 21:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3fbb7b62a344cd678e7f0197d7e8b367db8bd47fa6188edb577d86445130b5a3.exe

  • Size

    84KB

  • MD5

    9e78d470d283803af1a70435e1de8db0

  • SHA1

    a109ba5033c2ffa0214849c34f8ac748e2c68efc

  • SHA256

    3fbb7b62a344cd678e7f0197d7e8b367db8bd47fa6188edb577d86445130b5a3

  • SHA512

    ef79956b31696c50aec9b8bc5f768518c68dc38efcd7ea8c469269a80320c5875a9a5a82ab01cacab02a88a5a043d9081d232bd091467fed796de3843fcba137

  • SSDEEP

    1536:uwm8nBjqs32bxPpBRy32Z6gJlyiKqVo6EUn:9m8nBjTmbxRBRN6WYiKqVo6Zn

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 1 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1228
      • C:\Users\Admin\AppData\Local\Temp\3fbb7b62a344cd678e7f0197d7e8b367db8bd47fa6188edb577d86445130b5a3.exe
        "C:\Users\Admin\AppData\Local\Temp\3fbb7b62a344cd678e7f0197d7e8b367db8bd47fa6188edb577d86445130b5a3.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1740

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1228-2-0x0000000002550000-0x0000000002551000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1740-3-0x0000000013140000-0x000000001315B000-memory.dmp

      Filesize

      108KB

      Download