Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

ad5929c42f...0N.exe

windows7-x64

7

ad5929c42f...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    108s
  • max time network
    114s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/08/2024, 16:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ad5929c42f5fd84cb2de41c69002cd90N.exe

  • Size

    4.7MB

  • MD5

    ad5929c42f5fd84cb2de41c69002cd90

  • SHA1

    a3ff651130c72c808737092db58cf46c56655a31

  • SHA256

    b61618967ed69bad6f857b0298e3dde9bd61217f0afcd1f757e45d60770234d9

  • SHA512

    489e257fd342246b1f401e7b6cb196ff48f40f9d9c31689849130743d699b28fd330f5a2a027464e2de45e8a1de4eee87f318dfd3037e05480db7777d7769259

  • SSDEEP

    49152:G51pswgKqMHOKOScjxkF7oF4RdyljMiLo9UeWtUux/7n4OkkPN:G5j1NOLStF7/GMiptFx/c61

Score
7/10
discoveryupx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ad5929c42f5fd84cb2de41c69002cd90N.exe
    "C:\Users\Admin\AppData\Local\Temp\ad5929c42f5fd84cb2de41c69002cd90N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3220
    • C:\Users\Admin\AppData\Local\Temp\ad5929c42f5fd84cb2de41c69002cd90N.exe
      C:\Users\Admin\AppData\Local\Temp\ad5929c42f5fd84cb2de41c69002cd90N.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of UnmapMainImage
      PID:1068

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ad5929c42f5fd84cb2de41c69002cd90N.exe
    Filesize

    4.7MB

    MD5

    94b477df0799412d3ccc686fb3cad23d

    SHA1

    f53ae70ab64f6ea9a529cbb6807399c7ea5ed282

    SHA256

    25b4c8ae6b8bbfd30a73101b44dc99aac670c7d2e4428e4d0bb829ca56871adc

    SHA512

    5cf2f710b1c0fa8691d9a7b1b7ad01fa40c88cd4b17c98acc8bd962fb55d08b3c02aabb9bd7be5eb173df0038bce9762ef622b47e7ec245b9d587fb6ad0d4d42

    Download Submit

  • memory/1068-14-0x0000000000400000-0x0000000000CE1000-memory.dmp

    Filesize

    8.9MB

    Download

  • memory/1068-15-0x0000000000400000-0x00000000005EF000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1068-21-0x00000000020C0000-0x00000000022EE000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1068-34-0x0000000000400000-0x0000000000CE1000-memory.dmp

    Filesize

    8.9MB

    Download

  • memory/3220-0-0x0000000000400000-0x0000000000CE1000-memory.dmp

    Filesize

    8.9MB

    Download

  • memory/3220-1-0x0000000002280000-0x00000000024AE000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/3220-3-0x0000000000400000-0x00000000005EF000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3220-13-0x0000000000400000-0x00000000005EF000-memory.dmp

    Filesize

    1.9MB

    Download