Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    13/07/2024, 07:27

General

  • Target

    MultiCheat.exe

  • Size

    23.8MB

  • MD5

    5e9b2f4113efbe9596ec4c315a9c634e

  • SHA1

    67213b6a2e5f321bb6ab2ca13afeadd387ac5b4b

  • SHA256

    163eb26b7107ce46742e1314925e1adb3d76d69073e90ce99489101d1b925b56

  • SHA512

    4802fcee0332fe8d99390086fc48dfabe7d97d70f65f2ecca2e601ed897deddb56e2d9768316ef203a5c9be4f889318c02bc7030250ba64ad6f59569ad72ebdc

  • SSDEEP

    393216:mWvz+oRVcPketV0zL+9qz5fEnBSVkRIrY876h5oCk+7q334zz8vhkW8oW0Zo0ynU:Xz+oRGJ0P+9qdGzcY87q5S3G8veW8/qP

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MultiCheat.exe
    "C:\Users\Admin\AppData\Local\Temp\MultiCheat.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1892
    • C:\Users\Admin\AppData\Local\Temp\MultiCheat.exe
      "C:\Users\Admin\AppData\Local\Temp\MultiCheat.exe"
      2⤵
      • Loads dropped DLL
      PID:2244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI18922\python312.dll

    Filesize

    1.8MB

    MD5

    a8f7da4c7ad00df518d0f3554a162bb3

    SHA1

    a9747e7a4610c862b721761a8b14238310caeb05

    SHA256

    33ef217d13b774b18679996b0bb6c627120738580f0585b9f9a92a518274250d

    SHA512

    123fe1f4b2170503ffeccae39bfbfe057c054001156d6837582b4d5132ac5a93c85d7fc8e7e04cb32315c3ad5b2bff8ff0823519fdb59de89571b267d9b996ee

  • memory/2244-1002-0x000007FEF5380000-0x000007FEF5A58000-memory.dmp

    Filesize

    6.8MB