Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

01bddd8b4c...0N.exe

windows7-x64

7

01bddd8b4c...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/07/2024, 19:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    01bddd8b4c2cde5cec5fa5670a1438d0N.exe

  • Size

    500KB

  • MD5

    01bddd8b4c2cde5cec5fa5670a1438d0

  • SHA1

    2fd8d4257b7a2960df5f7f0f7f1e2ac668a23e06

  • SHA256

    4aa2204973400c4966b6fe00023c4e4b4eaf0bc07659945c01fe0f61522fea34

  • SHA512

    a49610aac15674d852d9351a9e906f187bdc81e0da1c219b10db18eef80739769add44fb5565019a1211145411d06a94f6e802c9e3b5023c7461fa99e1af0de6

  • SSDEEP

    12288:8WBm+95nHfF2mgewFx51OUq7SfJ0WO97Soi41kfgjdkA:8WBz95ndbgfx5C7SfJ0WOBqTgjT

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\01bddd8b4c2cde5cec5fa5670a1438d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\01bddd8b4c2cde5cec5fa5670a1438d0N.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3308
    • C:\Users\Admin\AppData\Local\Temp\4D8E.tmp
      "C:\Users\Admin\AppData\Local\Temp\4D8E.tmp" --pingC:\Users\Admin\AppData\Local\Temp\01bddd8b4c2cde5cec5fa5670a1438d0N.exe B1B12F6E1AD165616D83979EA8ED72CABB104EE763874B9B43D8B0FB942FB77433D927B464A45D21594551AE0F3BD530ED1BC01BCC603C5BCA55C66A3720D1F6
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:5012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4D8E.tmp
    Filesize

    500KB

    MD5

    3bbbdcbebc0f07d8fb8494721434c25f

    SHA1

    ae4ea9843752f2964acc60311ba8affdf7c69778

    SHA256

    8d5cb2ee5fbf33e754963f722e5989b63861ea69f619be35385478888cbfebd3

    SHA512

    1d975a8ebeea12177e4173b5e93d5ac1a0f50f7242f4ed07fde97b8440034bf7538f2b76e40c40ca2c51485df1f9932b20baaad6d0c4b3c914399b8accc02a99

    Download Submit

  • memory/3308-0-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/3308-5-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/5012-4-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/5012-7-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download