Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

source_prepared.exe

windows7-x64

7

source_prepared.exe

windows10-2004-x64

9

Resubmissions

10/02/2025, 18:47

250210-xfdafs1phn 10

Analysis

  • max time kernel
    64s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    10/02/2025, 18:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    source_prepared.exe

  • Size

    116.7MB

  • MD5

    3a6f5832b8f5c692ee5ca00030196baf

  • SHA1

    00e759c77dcd58370d4710aa62f564c15d69cdfc

  • SHA256

    05b20a00303c619e731a2f13f25d677a23f976ec5ceb5fca4d7d79c18fab3500

  • SHA512

    5fc3c0dedddeafad724684f781c99190cb257d8068ca5a656effb2d6b0f01cf0cc2b91f6d31c74ce78834153b28a885cade7929c392c2c4fb5fbc7143551b993

  • SSDEEP

    3145728:4cN7eCRZeibJjz9wHE8/2qHO5iCpBnG0iWMstB2OxyKLuMV6:nN7JN1Zw/NHCiWhieB1

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 10 IoCs
  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 39 IoCs
  • Suspicious use of SendNotifyMessage 39 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
    "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2900
    • C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
      "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
      2⤵
      • Loads dropped DLL
      PID:2704
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI29002\python311.dll
    Filesize

    5.5MB

    MD5

    387bb2c1e40bde1517f06b46313766be

    SHA1

    601f83ef61c7699652dec17edd5a45d6c20786c4

    SHA256

    0817a2a657a24c0d5fbb60df56960f42fc66b3039d522ec952dab83e2d869364

    SHA512

    521cde6eaa5d4a2e0ef6bbfdea50b00750ae022c1c7bd66b20654c035552b49c9d2fac18ef503bbd136a7a307bdeb97f759d45c25228a0bf0c37739b6e897bad

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI29002\ucrtbase.dll
    Filesize

    1.3MB

    MD5

    286b308df8012a5dfc4276fb16dd9ccc

    SHA1

    8ae9df813b281c2bd7a81de1e4e9cef8934a9120

    SHA256

    2e5fb14b7bf8540278f3614a12f0226e56a7cc9e64b81cbd976c6fcf2f71cbfb

    SHA512

    24166cc1477cde129a9ab5b71075a6d935eb6eebcae9b39c0a106c5394ded31af3d93f6dea147120243f7790d0a0c625a690fd76177dddab2d2685105c3eb7b2

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI29002\api-ms-win-core-fibers-l1-1-1.dll
    Filesize

    21KB

    MD5

    050a30a687e7a2fa6f086a0db89aa131

    SHA1

    1484322caaf0d71cbb873a2b87bdd8d456da1a3b

    SHA256

    fc9d86cec621383eab636ebc87ddd3f5c19a3cb2a33d97be112c051d0b275429

    SHA512

    07a15aa3b0830f857b9b9ffeb57b6593ae40847a146c5041d38be9ce3410f58caa091a7d5671cc1bc7285b51d4547e3004cf0e634ae51fe3da0051e54d8759e1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI29002\api-ms-win-core-file-l1-2-0.dll
    Filesize

    21KB

    MD5

    cc228ff8d86b608e73026b1e9960b2f8

    SHA1

    cef0705aee1e8702589524879a49e859505d6fe0

    SHA256

    4cadbc0c39da7c6722206fdcebd670abe5b8d261e7b041dd94f9397a89d1990d

    SHA512

    17abd9e0ec20b7eb686e3c0f41b043d0742ab7f9501a423b2d2922d44af660379792d1cc6221effbd7e856575d5babf72657ae9127c87cc5cf678bd2ceb1228f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI29002\api-ms-win-core-file-l2-1-0.dll
    Filesize

    21KB

    MD5

    e368a236f5676a3da44e76870cd691c9

    SHA1

    e4f1d2c6f714a47f0dc29021855c632ef98b0a74

    SHA256

    93c624b366ba16c643fc8933070a26f03b073ad0cf7f80173266d67536c61989

    SHA512

    f5126498a8b65ab20afaaf6b0f179ab5286810384d44638c35f3779f37e288a51c28bed3c3f8125d51feb2a0909329f3b21273cb33b3c30728b87318480a9ef8

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI29002\api-ms-win-core-kernel32-legacy-l1-1-1.dll
    Filesize

    21KB

    MD5

    0c1cc0a54d4b38885e1b250b40a34a84

    SHA1

    24400f712bbe1dd260ed407d1eb24c35dcb2ecac

    SHA256

    a9b13a1cd1b8c19b0c6b4afcd5bb0dd29c0e2288231ac9e6db8510094ce68ba6

    SHA512

    71674e7ed8650cac26b6f11a05bfc12bd7332588d21cf81d827c1d22df5730a13c1e6b3ba797573bb05b3138f8d46091402e63c059650c7e33208d50973dde39

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI29002\api-ms-win-core-localization-l1-2-0.dll
    Filesize

    21KB

    MD5

    5241df2e95e31e73ccfd6357ad309df0

    SHA1

    2644cc5e86dfad1ad2140181ab2ca79725f95411

    SHA256

    6ee44dd0d8510dc024c9f7c79b1b9fa88c987b26b6beb6653ddd11751c34e5dc

    SHA512

    52cccd1dd237e764e34996c0c5f7a759a7f0eff29b61befeaf96a16d80df2ba9ee2c3615f875153198a145d68f275aea6d02187e6eee5a129e3e2ab81aaceb16

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI29002\api-ms-win-core-processthreads-l1-1-1.dll
    Filesize

    21KB

    MD5

    385f562bdc391ccd4f81aca3719f3236

    SHA1

    f6633e1dac227ba3cd14d004748ef0c1c4135e67

    SHA256

    4ad565a8ba3ef0ea8ab87221ad11f83ee0bc844ce236607958406663b407333e

    SHA512

    b72ed1a02d4a02791ca5490b35f7e2cb6cb988e4899eda78134a34fb28964ea573d3289b69d5db1aac2289d1f24fd0a432b8187f7ae8147656d38691ae923f27

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI29002\api-ms-win-core-sysinfo-l1-2-0.dll
    Filesize

    21KB

    MD5

    fc9fc5f308ffc2d2d71814df8e2ae107

    SHA1

    24d7477f2a7dc2610eb701ed683108cd57eca966

    SHA256

    2703635d835396afd0f138d7c73751afe7e33a24f4225d08c1690b0a371932c0

    SHA512

    490fa6dc846e11c94cfe2f80a781c1bd1943cddd861d8907de8f05d9dc7a6364a777c6988c58059e435ac7e5d523218a597b2e9c69c9c34c50d82cac4400fe01

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI29002\api-ms-win-core-timezone-l1-1-0.dll
    Filesize

    21KB

    MD5

    43d8d2fb8801c5bd90d9482ddf3ea356

    SHA1

    d582b55cd58531e726141c63ba9910ff185d72e0

    SHA256

    33f4fddc181066fce06b2227bded813f95e94ed1f3d785e982c6b6b56c510c57

    SHA512

    0e073381a340db3f95165dbcceb8dfbf1ed1b4343e860446032400a7b321b7922c42ee5d9a881e28e69a3f55d56d63663adb9bb5abb69c5306efbf116cc5e456

    Download Submit

  • memory/1580-1329-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1580-1330-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1580-2630-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download