Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

4f298c60ee...0N.exe

windows7-x64

7

4f298c60ee...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    12/07/2024, 11:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4f298c60ee97d98a04e1b9bbb0a33b60N.exe

  • Size

    197KB

  • MD5

    4f298c60ee97d98a04e1b9bbb0a33b60

  • SHA1

    bcf307a8e48a8fdbf0b1550ba5b46b3afc3b6a9f

  • SHA256

    415ab84305ed8f55a7ea15fc1d18277268791a6c48ce2942c19d2f6a4bf77399

  • SHA512

    466b994e8e8acb41a5ed29bb9f8e446d69785b278f5bf4ec4847a7c5680dfe1f88b5b7d7cb97ff1a3feafbc255e725da69ffc1cedf285b07aba26e58a891896e

  • SSDEEP

    6144:AY9BWBYSFIM+5a8xUPdn7fw0dFbwHmZ+XsSXFAk4+hu+e:AY9EBDFJ+5zU1nLDdFbHZ+XsSOk4+hun

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4f298c60ee97d98a04e1b9bbb0a33b60N.exe
    "C:\Users\Admin\AppData\Local\Temp\4f298c60ee97d98a04e1b9bbb0a33b60N.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2484
    • C:\Users\Admin\AppData\Local\Temp\4f298c60ee97d98a04e1b9bbb0a33b60N.exe
      C:\Users\Admin\AppData\Local\Temp\4f298c60ee97d98a04e1b9bbb0a33b60N.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\4f298c60ee97d98a04e1b9bbb0a33b60N.exe
    Filesize

    197KB

    MD5

    d336c74832b65b9aaa1c7d6a90fa1bb6

    SHA1

    21c6aa8baad0c87c5ff1f9e3c3481927ae277376

    SHA256

    e755cef76862e37210e1d3a661b16ef73c59194779fdd0e490427914f680afd5

    SHA512

    5554262374e2a46acba61b27264d6b71aaa3aa885cd532ed0e5db581054c5f9e51b9c1cb9ee05b3a7fa43372c6a00be9983430d9de9232bc40348d98f1f42aba

    Download Submit

  • memory/2484-0-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2484-10-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/3020-11-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/3020-12-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/3020-17-0x00000000001F0000-0x0000000000229000-memory.dmp

    Filesize

    228KB

    Download