Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

c2c02cc7dc...0N.exe

windows7-x64

7

c2c02cc7dc...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    100s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/07/2024, 13:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c2c02cc7dcb43c89b463ec0b2f374130N.exe

  • Size

    84KB

  • MD5

    c2c02cc7dcb43c89b463ec0b2f374130

  • SHA1

    a463373b3d4b2cbb6812bb8a988f43fe1804c894

  • SHA256

    188ed30e6ff2a8f9cc38f304ec14e14fb360aeefbe64bd6ace382c31c899a533

  • SHA512

    1d5393d7b9c8f04ecfb87089395c4e0bfc26ba6d28a72dfcc216ed60e20cbe279bb77c506417dff0d79c8844fc6557464f8648659728a2cb07fa960ff81127bb

  • SSDEEP

    1536:4j0h/qcO2BXCYwrWgH6jRwyw8xog/BK6ENcFho8Casx1IReCuNsPF+Pk0/WgENgF:LpqkXCFH6twywj9/8fsqRebNCQc0/Wg9

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c2c02cc7dcb43c89b463ec0b2f374130N.exe
    "C:\Users\Admin\AppData\Local\Temp\c2c02cc7dcb43c89b463ec0b2f374130N.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4868
    • C:\Users\Admin\AppData\Local\Temp\c2c02cc7dcb43c89b463ec0b2f374130N.exe
      C:\Users\Admin\AppData\Local\Temp\c2c02cc7dcb43c89b463ec0b2f374130N.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2272

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\c2c02cc7dcb43c89b463ec0b2f374130N.exe
    Filesize

    84KB

    MD5

    efa7c3bee43bdd91898988663a93327c

    SHA1

    76d256c6d5337c7b084806288a2e8a055f468e90

    SHA256

    b1d587b113bd8cf739d7605a1ea47ee1d5184b858e168a853faab3c48731e584

    SHA512

    71091033dbdc73a609285f11b09f7d96b72acf1040f38ca4138f5a9ed28d8b681f939606a70d8d7412b2e79e45220d54a50ee684219e518df4d0a6f52a35008d

    Download Submit

  • memory/2272-13-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2272-14-0x00000000001B0000-0x00000000001DF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2272-20-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2272-25-0x00000000014E0000-0x00000000014FB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4868-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4868-1-0x00000000001D0000-0x00000000001FF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4868-3-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4868-11-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download