Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

wSpam1.1.exe

windows7-x64

7

wSpam1.1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    27/07/2024, 10:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    wSpam1.1.exe

  • Size

    23.6MB

  • MD5

    0a6cfc7c55a66793dd61734e855948ab

  • SHA1

    88fba9035dcd422b12610f12d6dbe2c3b0164a5c

  • SHA256

    48a1672eef39c1f4d3330beb8737c13c0630066b7e7f6c803cfb6e5cdd903645

  • SHA512

    714600b9bc4d16015932ebe729486a1570bff25af613e101f8ea597540b73ea49a9cb78bb875f0ca974afce33daa4998571b3ffe38dc4b87d97d80844fed1566

  • SSDEEP

    393216:+Vxw9BNWNPR9c5hlERo2WtYjUaNRDHvcrwhvr+bUn2KekLTa/WViHXAdZYygtN3a:uxMcbEhkVfjrRj0r6+bUnoFXAdZgtN3z

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\wSpam1.1.exe
    "C:\Users\Admin\AppData\Local\Temp\wSpam1.1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2368
    • C:\Users\Admin\AppData\Local\Temp\wSpam1.1.exe
      "C:\Users\Admin\AppData\Local\Temp\wSpam1.1.exe"
      2⤵
      • Loads dropped DLL
      PID:2376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI23682\python39.dll
    Filesize

    4.3MB

    MD5

    11c051f93c922d6b6b4829772f27a5be

    SHA1

    42fbdf3403a4bc3d46d348ca37a9f835e073d440

    SHA256

    0eabf135bb9492e561bbbc5602a933623c9e461aceaf6eb1ceced635e363cd5c

    SHA512

    1cdec23486cffcb91098a8b2c3f1262d6703946acf52aa2fe701964fb228d1411d9b6683bd54527860e10affc0e3d3de92a6ecf2c6c8465e9c8b9a7304e2a4a6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI23682\wSpam1.1.exe.manifest
    Filesize

    1KB

    MD5

    c8fbcad2e10bf2a2ef0f8bbd6f64e9d6

    SHA1

    3309fe52c62e303c1ff527b30dcb74bb0a5163e0

    SHA256

    220bc0a793dfdcc134c799b8a1dc434f8be0e75d791c4b0fe7c34fdcc0fcdbc5

    SHA512

    8b2bfd14549dc0c016e0a4dcd4b6562b7884c402613b67b2c18f7833b6bc0720a766572bb425b90921c84f4dc0cf2b8b55faedfba22a8b1c9deb801edbd6b310

    Download Submit