Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Resubmissions

24/12/2024, 19:40

241224-ydqnfavpbt 10

24/12/2024, 19:40

241224-ydgqjavpa1 10

Analysis

  • max time kernel
    15s
  • max time network
    21s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2024, 19:40

General

  • Target

    source_prepared.exe

  • Size

    34.0MB

  • MD5

    79a4d6fd8e179a39e5b81ccbac523cef

  • SHA1

    4159ddb5a4e6a6218affd53d254feef8851fa8cc

  • SHA256

    a62149901670163001c0cbc92ff20836429c3ba93e209891f470e6542e7986ce

  • SHA512

    86009ffe53225722d850f33e6270fb527c0c5a4a95cc3eabc9859f16c6527f827f1c9cacbe76008bf0cf27164a7d0c91935719dac0bbf87afe9bab3223b5ef52

  • SSDEEP

    786432:N9YidhMus4WPg1JwYW8aE3ewq3ObRqsOBXMb8bxOn1JFECrRQ766UwWur5IAdg+C:N9JMTBQyYWye3CRrOBcX1cCwlr9a462

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
    "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1820
    • C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
      "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
      2⤵
      • Loads dropped DLL
      PID:1628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI18202\python313.dll

    Filesize

    5.8MB

    MD5

    3aad23292404a7038eb07ce5a6348256

    SHA1

    35cac5479699b28549ebe36c1d064bfb703f0857

    SHA256

    78b1dd211c0e66a0603df48da2c9b67a915ab3258701b9285d3faa255ed8dc25

    SHA512

    f5b6ef04e744d2c98c1ef9402d7a8ce5cda3b008837cf2c37a8b6d0cd1b188ca46585a40b2db7acf019f67e6ced59eff5bc86e1aaf48d3c3b62fecf37f3aec6b