Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

yedek-main/Ja4va.jar

windows7-x64

1

yedek-main/Ja4va.jar

windows10-2004-x64

10

yedek-main/Java.jar

windows7-x64

1

yedek-main/Java.jar

windows10-2004-x64

10

yedek-main...nt.exe

windows7-x64

7

yedek-main...nt.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    13s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    18/12/2024, 02:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    yedek-main/WindowsUpdateAgent.exe

  • Size

    7.4MB

  • MD5

    7d4b7c9479e46227120720f2a2dcccda

  • SHA1

    a85ad8695c5f1703ab6b1abd07eff86b4da4adca

  • SHA256

    94525a0b12c1be31a958bb137d9c1a6f35cef4e9b0c01f95b75981bae5518d93

  • SHA512

    c0cb31863256206f4c0e39d3baa8d5869e2cab630b3f9e1453d45964b054ca85ff11c5cf17c157efe84d16dc1f413f27cb762dfa1a0ab8f2a4556d901faa3c07

  • SSDEEP

    196608:xmlEzPoLjv+bhqNVoB8Ck5c7GpNlpq41J2Jbk9qtlDf6s0:ChL+9qz88Ck+7q3p91JBqfJ0

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\yedek-main\WindowsUpdateAgent.exe
    "C:\Users\Admin\AppData\Local\Temp\yedek-main\WindowsUpdateAgent.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2164
    • C:\Users\Admin\AppData\Local\Temp\yedek-main\WindowsUpdateAgent.exe
      "C:\Users\Admin\AppData\Local\Temp\yedek-main\WindowsUpdateAgent.exe"
      2⤵
      • Loads dropped DLL
      PID:3000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI21642\python312.dll
    Filesize

    1.8MB

    MD5

    2f1072ddd9a88629205e7434ed055b3e

    SHA1

    20da3188dabe3d5fa33b46bfe671e713e6fa3056

    SHA256

    d086257a6b36047f35202266c8eb8c1225163bd96b064d31b80f0dbe13da2acf

    SHA512

    d8dddc30733811ed9a9c4ae83ac8f3fc4d8ba3fa8051d95242fbd432fd5bf24122373ac5eea9fec78f0daf7c1133365f519a13cf3f105636da74820a00a25e9b

    Download Submit

  • memory/3000-23-0x000007FEF5D80000-0x000007FEF6458000-memory.dmp

    Filesize

    6.8MB

    Download