Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

00b8eac62e...0N.exe

windows7-x64

7

00b8eac62e...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    21/07/2024, 12:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    00b8eac62e2e5a484299311bd59591f0N.exe

  • Size

    29KB

  • MD5

    00b8eac62e2e5a484299311bd59591f0

  • SHA1

    8d2e4fd8528867ceb0be9debaf319eb7ad461b76

  • SHA256

    c7ee707579cff8451ed8a7f1ba5584745c59ddf1c1a5abd427c7ca073706677a

  • SHA512

    e930ced69c3297398ebbd7b2ef67414bbeb4a8cb0f11e1b86a9cbc2bc9dc7dfca58277c99dc4e48e0808c3dd90732d48cb9643c4d8f4b45bcf0d35d594ededd4

  • SSDEEP

    384:v/4LNJY74JwOllSBQmrb0i5PrmqHIKpa54b5f0iws0wGo+3:v/qSamrxDmqoKM4Z0iwtwfA

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\00b8eac62e2e5a484299311bd59591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\00b8eac62e2e5a484299311bd59591f0N.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2528
    • C:\Users\Admin\AppData\Local\Temp\2024072112.exe
      C:\Users\Admin\AppData\Local\Temp\2024072112.exe down
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2676
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\del.bat
      2⤵
      • Deletes itself
      PID:1536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\del.bat
    Filesize

    174B

    MD5

    6fc905cc0c4bab104eb85418413fa1e9

    SHA1

    037fb2cf2ef13c586007a9a8f08515ba1561e3d7

    SHA256

    13293e1c5ffaf9208389321d7fe7dc646487101acf04e5cbae10c363baa4cfaf

    SHA512

    3eb2ed31a5447153a6df5fe380b41157ff689c16fb97bba2987670e27ace61aec120398959960efea87dc05366bdd99fafa143a534e39c8a6b752c86b1707cf0

    Download Submit

  • \Users\Admin\AppData\Local\Temp\2024072112.exe
    Filesize

    29KB

    MD5

    25dcdb848b2566b25ef1a990b6cde34d

    SHA1

    98c50184b6b0382e5d2d033bd41d35c06e93deb2

    SHA256

    3becca034fd8787a7864bc6465c2f7242b940d10cad7bec038985ad405b09a27

    SHA512

    bfa80cd3f41fab110a87e8a18ab3b99f06f2f9f4046a70974e665b67a9d6f0b82993b4a170f8d9cd3bdb4f9eb1607f1272a5ebbf85d4c4eacac87b5a040ae46b

    Download Submit

  • memory/2676-24-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download