Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

b63d1a558c...0N.exe

windows7-x64

7

b63d1a558c...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    21/07/2024, 11:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b63d1a558c34e46bb1e5fcfd705769d0N.exe

  • Size

    202KB

  • MD5

    b63d1a558c34e46bb1e5fcfd705769d0

  • SHA1

    72f359d2415418889438d6713249638a7ff48051

  • SHA256

    5388419953aa5109f56f12fa71322acced8a81ca623c5c987701ef514204ba00

  • SHA512

    f5fefa5529853879c2147a515452a8b359781fe5b1155f7576201427960f5d27042e53c21f43fbc65a70fcfdf3a99867c1ac531c09fe2d3a5e802115f7dc30f6

  • SSDEEP

    6144:p6MPejMRxxZY69fesmvOW5Ps9Huhk1sTAitD8FhQwrM46shbc500RXqX+ZyJXSzL:pfTxR9msoOwPWOhXrP

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b63d1a558c34e46bb1e5fcfd705769d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b63d1a558c34e46bb1e5fcfd705769d0N.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Users\Admin\AppData\Local\Temp\b63d1a558c34e46bb1e5fcfd705769d0N.exe
      C:\Users\Admin\AppData\Local\Temp\b63d1a558c34e46bb1e5fcfd705769d0N.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\b63d1a558c34e46bb1e5fcfd705769d0N.exe
    Filesize

    202KB

    MD5

    244a01d0f6c287376a8783a66c4e54f1

    SHA1

    3a531186291c5ed0d720ee64fe3b83ff8147e1b6

    SHA256

    1c43d1fec6a83412e625a6a74fdbc474c7b78afecb37605f500026e02d07cc92

    SHA512

    904abd14b3241ebf4cf6ee72391efa590c4239618be33dcfe1553c9b2fb59fb925a139ef757ab9c5e12a0385c4dd1897206fcbd834b1eaa4d8efed048f2241ae

    Download Submit

  • memory/2232-0-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2232-8-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2388-10-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2388-11-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2388-16-0x00000000003B0000-0x00000000003EE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2388-17-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download