Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

635836657d...73.exe

windows7-x64

7

635836657d...73.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    133s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/06/2024, 23:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    635836657d154047af5987af1d34f669dd21e82fdf3ac8782265a5b890a1b473.exe

  • Size

    4.2MB

  • MD5

    815bb8afa4b88353ff0a52df638379cd

  • SHA1

    c284d52a2291dae82f99aaaf8facf3a7ed69e950

  • SHA256

    635836657d154047af5987af1d34f669dd21e82fdf3ac8782265a5b890a1b473

  • SHA512

    88b0c24c08282b81ec9c05bcd7ea39ac420d0b5b4518dfa9bd25791acefa95505e2c04d1ccfdd6bd72adf40942bd0a067a2c6edaf016ad66cf1531204fe1b1ac

  • SSDEEP

    98304:Cmhd1UryezeKpRwTZ2BtV5lVLUjH5oxFbxhVLUjH5oxFbx:ClKK04ZfVUjZEdhVUjZEd

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\635836657d154047af5987af1d34f669dd21e82fdf3ac8782265a5b890a1b473.exe
    "C:\Users\Admin\AppData\Local\Temp\635836657d154047af5987af1d34f669dd21e82fdf3ac8782265a5b890a1b473.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3236
    • C:\Users\Admin\AppData\Local\Temp\DBD9.tmp
      "C:\Users\Admin\AppData\Local\Temp\DBD9.tmp" --splashC:\Users\Admin\AppData\Local\Temp\635836657d154047af5987af1d34f669dd21e82fdf3ac8782265a5b890a1b473.exe 5995D86F43F5A3DB70EDB1632A657D88C00DE74EBD86968A6D9104ADB880873B894CC14D0014B72D2624C3C9EF0E69BAE9B0A3AB82C2C7EA5E0ECA65BF429802
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4196
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1020,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=3744 /prefetch:8
    1⤵
      PID:4740

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\DBD9.tmp
      Filesize

      4.2MB

      MD5

      20bd95a91349784c4ac345abfed2420b

      SHA1

      b85bb7e2c806858b636c6a0e6ab390af402c20db

      SHA256

      7751da723179bfe447c47ba89dcea98b0ef3cc1878fbb9730a43307bf73acfbf

      SHA512

      3c92eb79b2315cc762d821a878bd16cbb01fb8ccae43f8f8ed0a69d4fbb672265209204c1a22b804d42896632a6ae1444d06adfbb921581ead1cb99652c34dc0

      Download Submit

    • memory/3236-0-0x0000000000400000-0x0000000000849000-memory.dmp

      Filesize

      4.3MB

      Download

    • memory/4196-5-0x0000000000400000-0x0000000000849000-memory.dmp

      Filesize

      4.3MB

      Download