Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

eedf148e07...0N.exe

windows7-x64

7

eedf148e07...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    21/07/2024, 16:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eedf148e075731d79b1183b1d2dd2fa0N.exe

  • Size

    203KB

  • MD5

    eedf148e075731d79b1183b1d2dd2fa0

  • SHA1

    b36258cb54f4dce3c8b9b345fbab120a389e62a2

  • SHA256

    5a8b4a699d047db03d9da60e85de9306ff0d80c9d70378a8b33ba44ed6028206

  • SHA512

    659fc19843b662da16c316e0e62a6e405e342d9be4d377919adc5ee6e2c76838cbc4856667e2406c32f33bece932b14841941ebf45653b380372239e708fb3f4

  • SSDEEP

    6144:Zg4hF4N64dPfG4DwbiM1G7wsyi4y3G1B78:6kF4w4dGRV1G7wNiZG1BA

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eedf148e075731d79b1183b1d2dd2fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\eedf148e075731d79b1183b1d2dd2fa0N.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2680
    • C:\Users\Admin\AppData\Local\Temp\eedf148e075731d79b1183b1d2dd2fa0N.exe
      C:\Users\Admin\AppData\Local\Temp\eedf148e075731d79b1183b1d2dd2fa0N.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\eedf148e075731d79b1183b1d2dd2fa0N.exe
    Filesize

    203KB

    MD5

    2bd7041f6c1a2886ada4dcd26f59c629

    SHA1

    4781d985c4276b1119adb080c904b4577e9d7109

    SHA256

    ad82dbe140298c13916c2636e6d9b2f2c0319eea3935e5c38a45ab14bbc2e29b

    SHA512

    4ddc951120468ab02a68d4352ed3878a8b428463a3bfaadb5199d46a1a1b38d849139a3757fe5513e985c7312d883697bbd42d50e6b4dc9d7a086faf14da35fb

    Download Submit

  • memory/2056-11-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/2056-17-0x0000000000190000-0x00000000001CF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/2056-12-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2680-0-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/2680-6-0x0000000000130000-0x000000000016F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/2680-10-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download