Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

7ea3b64868...cf.exe

windows7-x64

10

7ea3b64868...cf.exe

windows10-2004-x64

10

7ebaf99c04...24.exe

windows7-x64

6

7ebaf99c04...24.exe

windows10-2004-x64

6

7ee13560bd...12.exe

windows7-x64

10

7ee13560bd...12.exe

windows10-2004-x64

10

7ef695e2eb...8f.exe

windows7-x64

10

7ef695e2eb...8f.exe

windows10-2004-x64

10

7f08f6ad11...70.exe

windows7-x64

10

7f08f6ad11...70.exe

windows10-2004-x64

10

7f0a89c07b...88.exe

windows7-x64

1

7f0a89c07b...88.exe

windows10-2004-x64

1

7f4990caad...07.exe

windows7-x64

10

7f4990caad...07.exe

windows10-2004-x64

10

7f584766e9...23.exe

windows7-x64

10

7f584766e9...23.exe

windows10-2004-x64

10

7f653aa47f...d4.exe

windows7-x64

10

7f653aa47f...d4.exe

windows10-2004-x64

10

7f99ce9b97...e0.exe

windows7-x64

10

7f99ce9b97...e0.exe

windows10-2004-x64

10

7fa6bf4f19...ab.exe

windows7-x64

10

7fa6bf4f19...ab.exe

windows10-2004-x64

10

7fb245795f...72.exe

windows7-x64

10

7fb245795f...72.exe

windows10-2004-x64

10

7fb519a181...1c.exe

windows7-x64

10

7fb519a181...1c.exe

windows10-2004-x64

10

8017678d87...da.exe

windows7-x64

10

8017678d87...da.exe

windows10-2004-x64

10

8032ddd614...62.exe

windows7-x64

9

8032ddd614...62.exe

windows10-2004-x64

9

805bf5f6bd...de.exe

windows7-x64

10

805bf5f6bd...de.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20250207-en
  • resource tags

    arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
  • submitted
    22/03/2025, 06:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7f0a89c07b9469213af04a10fe708088.exe

  • Size

    18KB

  • MD5

    7f0a89c07b9469213af04a10fe708088

  • SHA1

    7685d07deda4a01a8f321297e3c80665d583f008

  • SHA256

    b2d8642a5af12e05830c92b8aa92cd7656a7bb9da69ce5f29b6af5bb3b250ad4

  • SHA512

    9258bf8057fb1e8fa5e901f5e08f327ece6b3f903cf3a0d0e9c25377bd58ed0a83b62defdeaac1814c905a9dae9a03e64b3db3233569fd1eb653bf8f9c5f5065

  • SSDEEP

    384:6PTjhUiZtSPbFBwFIcNcxSRcL9IXBUdhmfTkK6aHv+q:66i+Pb9xSRcZwUdQTF

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7f0a89c07b9469213af04a10fe708088.exe
    "C:\Users\Admin\AppData\Local\Temp\7f0a89c07b9469213af04a10fe708088.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:396
    • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
      "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\0ozruhut\0ozruhut.cmdline"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1648
      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB1B3.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC7FCF4097B8B042AC9A6F6BE1D7F9CD3.TMP"
        3⤵
          PID:112

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\92ec9ed9-f363-4683-a11b-b165ac0bb9c4.exe
      Filesize

      18KB

      MD5

      0209565168534624892349ec5e7ab6e5

      SHA1

      4270d2a18e12a134938dba5481c7ca70a8d3ae19

      SHA256

      566c33b210da718ee8e8a5d4ddfe903750837120a5412396cbdaddef6f5e4e45

      SHA512

      1a45976e20f61beccdfff1f00345d6fda6f86e334894a7d4cc73d4fd528c6a04383c1e862d106a5cff3fa1aef97d75920a3b248202091736df8d7c3821e8e893

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\RESB1B3.tmp
      Filesize

      1KB

      MD5

      e9da3a1779184efd22243a6c2f7b75c1

      SHA1

      75445f3f26cf9bd81424d592e7d5f8aa59a04954

      SHA256

      959b472c4695590ef7e30853c49dbf5ed1c246c0a3776822f1d605c40e1fd91c

      SHA512

      f409bfb3336572802990b6cfd882cae95cbdb66292b021b52a0cb26b90aa3c612b2683f2d2102e8dbb3eaf948806fbfe7afc0f5a3131b00d8cea02d3ab8f767b

      Download Submit

    • \??\c:\Users\Admin\AppData\Local\Temp\0ozruhut\0ozruhut.0.cs
      Filesize

      41KB

      MD5

      3538101699d7ff9972ad2f3bcfc00277

      SHA1

      fd301669a34ae5cdf5b174d51575a8fa32fc59e9

      SHA256

      b306516913b280a322f9b92650da00403796c6099a843eec542d5dc49444bb44

      SHA512

      bb5ef4fa99f0901928182546768328c9d457967aafb725ccc94b22f270b13fc92ef83359ad2fba01df507609d0338142318183243cd54d8f0e91d1700e4247cd

      Download Submit

    • \??\c:\Users\Admin\AppData\Local\Temp\0ozruhut\0ozruhut.cmdline
      Filesize

      377B

      MD5

      bb574132ab18387a30f89d1ea8f3d917

      SHA1

      5c2fa2aa4cc6cb06084178afcb7ac4d29122e56a

      SHA256

      672c8c2d7cc03ef54f6b967c08cdbe08843acd026fae24fa2f152e8112f1b8aa

      SHA512

      c01becaeca7fb1bc5def0e75b002ba8b891da83580dd3acb9347a818f78172fafd40df0de850b8631ceffd294ef74a094ab095333437ec700c30d97961788fd7

      Download Submit

    • \??\c:\Users\Admin\AppData\Local\Temp\CSC7FCF4097B8B042AC9A6F6BE1D7F9CD3.TMP
      Filesize

      1KB

      MD5

      cdf4fcc82682c74cb9cb15eabb21126e

      SHA1

      0ff437f5956ce6c044e3097168d33c9a1321b6ca

      SHA256

      a95e18c633c5ba37a614c692d4d4234af5cfb2c62f91d42469cbccf5b19341dd

      SHA512

      f4349eabe1a29d3b5266a6eacf4cbfb591555c84b30da80ad903b142b287c6d9d06202afc623fd40c11203d70bca800d8fcbaed402aba1fa53dda8fb52138215

      Download Submit

    • memory/396-0-0x000007FEF5403000-0x000007FEF5404000-memory.dmp

      Filesize

      4KB

      Download

    • memory/396-1-0x0000000000D80000-0x0000000000D8A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/396-2-0x000007FEF5400000-0x000007FEF5DEC000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/396-16-0x00000000001A0000-0x00000000001AA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/396-18-0x000007FEF5403000-0x000007FEF5404000-memory.dmp

      Filesize

      4KB

      Download

    • memory/396-19-0x000007FEF5400000-0x000007FEF5DEC000-memory.dmp

      Filesize

      9.9MB

      Download