Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

c7744eaa39...7f.exe

windows7-x64

7

c7744eaa39...7f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    10/07/2024, 04:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c7744eaa3921c46fb429c5f69a4cc0ab36502f19f00dd7463e472485dd1ac97f.exe

  • Size

    94KB

  • MD5

    7eca76f3229628f835e635547a8ba915

  • SHA1

    f2f8d66c103624344dd43333913c37d71f80c512

  • SHA256

    c7744eaa3921c46fb429c5f69a4cc0ab36502f19f00dd7463e472485dd1ac97f

  • SHA512

    0ddc8b374bea9e6a2598a6df6139b9084ecee9c3f4ccf087b93665d83d3ccb5b98254209a8d62563e845483ca6ebc97999d1dd1ce6252e2e49c62dcbeb5852c8

  • SSDEEP

    1536:Sdyql1M7wIIEuti7rEYivykYkpaWj0OL+G7mJAm/lGAuJMLF4vsnXWkW316:SdV1Z1i3QKqSGCJr/lkJ6FQsnV

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c7744eaa3921c46fb429c5f69a4cc0ab36502f19f00dd7463e472485dd1ac97f.exe
    "C:\Users\Admin\AppData\Local\Temp\c7744eaa3921c46fb429c5f69a4cc0ab36502f19f00dd7463e472485dd1ac97f.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1888
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\_del.bat
      2⤵
      • Deletes itself
      PID:2284
  • C:\Windows\SysWOW64\sppsrv.exe
    C:\Windows\SysWOW64\sppsrv.exe
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    PID:2396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_del.bat
    Filesize

    294B

    MD5

    f6b3d3659d557f2dcc10766b3ade8ae3

    SHA1

    41a4da4280d319535426845691c1e18a2fd098ea

    SHA256

    0563055718f8e8560b28809b991cc1a71ef490f18e8fdb5ebfdda35e5ab26a00

    SHA512

    fff4be2b724426cc956d0cf0068352c35b3c58d8cc497fedf471dd9922abc5f462d1f9ba3166676d89ae8ad2141b2b4d09cfd0fc750bb47faf5953f626343dc5

    Download Submit

  • C:\Windows\SysWOW64\xpwunp.dat
    Filesize

    740B

    MD5

    9687b79e8d6ca007835094f41b120616

    SHA1

    5e94fc9491fbcd72393df648674339d0f1ebb69d

    SHA256

    dc03106e052743f20eebcca43dc9a234f38361220ac5197bd0a0187f87ad9c52

    SHA512

    18c52a3c80ed825c491a303468aa66532626a70313528d8eb7afb0d38d8abe74b01143925b1669b9e5c4f676838d5d616ecad7361574b4b68b1d769763d72b5d

    Download Submit

  • \Windows\SysWOW64\sppsrv.exe
    Filesize

    94KB

    MD5

    afae810fcae770473d7e1a753bce1141

    SHA1

    20a394b617506ac60d94ca1783973b70daa4f69c

    SHA256

    7c7a39ae4ef935089406cd7d18414cc35703b3f59bd089c4e6ef346b46dd1b1c

    SHA512

    49a0039b0bbffe3dbc9bc6fdfc654014bab3226cc18e5b21e6d9dbad67e566f753b6b4acdd26fc74dbfac5ecd0c2c627517736d22620c9507c08b0f99dce121a

    Download Submit