Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
18/03/2025, 14:55
General
-
Target
EXMservice.exe
-
Size
21.7MB
-
MD5
f551d9082d5a86776a906984e9cac3b3
-
SHA1
7f2294fb608e65fb06b844a559dc3e8ec26dff8b
-
SHA256
40c4fc26947ad84ecbfbeba71c930dc8f7f4dd5ae737c0021a0cdf721a76facf
-
SHA512
444f10d6468c28bab1920e33544becbc228b9cca6d710e4751bab50cd04baf6fe2c2d499ed578116212e1219a68f55c6cf836a61dd5f576cce8c6fd3fc1afe1d
-
SSDEEP
393216:xQKf8nAG+bkX7ViesEfcGhCDNz1FNcRQR35DNJ93IPzIYHEKwPs91DQVtUcpBc:OK0AHbuViP6cGhCDdxDRFXePnkM91DQd
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\EXMservice.exe"C:\Users\Admin\AppData\Local\Temp\EXMservice.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\EXMservice.exe"C:\Users\Admin\AppData\Local\Temp\EXMservice.exe"2⤵
- Loads dropped DLL
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.4MB
MD572c65de0cc88d6a26d5a7040aaf1fb60
SHA168dae332ade43106c72e68a497b6b7df6b314425
SHA256769f20bcec63eb6567cca095ea59ffcda2c87e2b8600503f0e4f976dfb8da2bb
SHA5125f658e0bee185613a37f946069ac6723fff93e542a4eb6e3435766c58d09d82894b85502f1686ffc9318bdf4b3a858490866ca56b90238c8c903e794c3a4e3fb
-
Filesize
4.4MB