Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a5e39edc04...0N.exe

windows7-x64

7

a5e39edc04...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    22/07/2024, 11:18 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a5e39edc04588aec600f0c816b1160a0N.exe

  • Size

    73KB

  • MD5

    a5e39edc04588aec600f0c816b1160a0

  • SHA1

    fb2144e6c341894052b0578cba1d55582379474d

  • SHA256

    1d6118acc27204ce91df6539b07f4144d344a061fb3818865607789b7ca1787c

  • SHA512

    c8f77e3bc6c2c49c0fcdf58a29424bfa11e98e18d49c3c5d54303f7269eae363d150478b4e24f3af4a71a0c7e6bed8eded29a1cebe008d9978ea3cf131ea2e0a

  • SSDEEP

    1536:hbcGAJK5QPqfhVWbdsmA+RjPFLC+e5he0ZGUGf2g:hAXJNPqfcxA+HFsheOg

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a5e39edc04588aec600f0c816b1160a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a5e39edc04588aec600f0c816b1160a0N.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2704
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c $TMP!10@.COM
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2780
      • C:\Users\Admin\AppData\Local\Temp\$TMP!10@.COM
        $TMP!10@.COM
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:2740
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c 15225.exe
          4⤵
            PID:2068

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\$TMP!10@.COM
      Filesize

      73KB

      MD5

      c1f18ce805145a7277b4422688bc3bcd

      SHA1

      c4beb4a4217f0d25edff4bf1b089f952723ca98a

      SHA256

      257b145caa490e58e65248fd6e4ed0f0f01d196b7277f0edf706a1088627f959

      SHA512

      3469b702b5c7a336b52aa961b736cb4fbcb9f61bc8dadc7eafe89d1379af74fe0ff4dc5124e1cdf7c0f18744f6fe48ed998f917a2995607fdec8e0f6a304fca9

      Download Submit

    • memory/2704-11-0x0000000000400000-0x0000000000419000-memory.dmp

      Filesize

      100KB

      Download

    • memory/2740-10-0x0000000000400000-0x0000000000419000-memory.dmp

      Filesize

      100KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.