Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

55f9af3202...db.exe

windows7-x64

8

55f9af3202...db.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    112s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/10/2022, 13:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    55f9af3202a3c5b101549912a36863b40c7b69aa75d09d0f5d50bed63493a2db.exe

  • Size

    304KB

  • MD5

    834dd6bfc2621c6b9f595c9c0b19aa96

  • SHA1

    0ae6b05da4fc14949200193455002f836fa34a8a

  • SHA256

    55f9af3202a3c5b101549912a36863b40c7b69aa75d09d0f5d50bed63493a2db

  • SHA512

    ea25b83a9675efb76e91621e5a09014dd30994309361d691bcfdfa7aeef3f6186c92d1eab8f0ee5eb8fc30783b33a997feee20ec89d5b58fc6d45915f3d3b918

  • SSDEEP

    6144:icNM1BDtGwp9jscwrtNXZoQSbGqJDIy88YaR5iLFBq5+Z6:iyKjsXtoQSz78/aR5iGW6

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\55f9af3202a3c5b101549912a36863b40c7b69aa75d09d0f5d50bed63493a2db.exe
    "C:\Users\Admin\AppData\Local\Temp\55f9af3202a3c5b101549912a36863b40c7b69aa75d09d0f5d50bed63493a2db.exe"
    1⤵
    • Drops file in Program Files directory
    PID:4828
  • C:\PROGRA~3\Mozilla\fmzgwvi.exe
    C:\PROGRA~3\Mozilla\fmzgwvi.exe -gtfwajn
    1⤵
    • Executes dropped EXE
    PID:1544
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 484
      2⤵
      • Program crash
      PID:3716
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 200 -p 1544 -ip 1544
    1⤵
      PID:208

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\PROGRA~3\Mozilla\fmzgwvi.exe
      Filesize

      304KB

      MD5

      71bd3bc4e5ec09005a80c6673310453c

      SHA1

      fd6baa32955bb271d50cac593b5cfdac737c9ab8

      SHA256

      031b293a314d1eac856406475b2f51866910d637caea9a637d6566bd52537eda

      SHA512

      d0d09a1b0ec6b534628c6a0fe93b7e88af9e65d0686b0639c8ff21367f285f9f8e0ffe016d895dc6ec5dcf4f2fd13d47cd71de641c15b10771a718bb2c9a3607

      Download Submit

    • C:\ProgramData\Mozilla\fmzgwvi.exe
      Filesize

      304KB

      MD5

      71bd3bc4e5ec09005a80c6673310453c

      SHA1

      fd6baa32955bb271d50cac593b5cfdac737c9ab8

      SHA256

      031b293a314d1eac856406475b2f51866910d637caea9a637d6566bd52537eda

      SHA512

      d0d09a1b0ec6b534628c6a0fe93b7e88af9e65d0686b0639c8ff21367f285f9f8e0ffe016d895dc6ec5dcf4f2fd13d47cd71de641c15b10771a718bb2c9a3607

      Download Submit

    • memory/1544-139-0x0000000000400000-0x000000000045B000-memory.dmp

      Filesize

      364KB

      Download

    • memory/1544-140-0x0000000000CA0000-0x0000000000CFC000-memory.dmp

      Filesize

      368KB

      Download

    • memory/1544-141-0x0000000000400000-0x000000000045B000-memory.dmp

      Filesize

      364KB

      Download

    • memory/4828-132-0x0000000000400000-0x000000000045B000-memory.dmp

      Filesize

      364KB

      Download

    • memory/4828-133-0x00000000021F0000-0x000000000224C000-memory.dmp

      Filesize

      368KB

      Download

    • memory/4828-134-0x0000000000400000-0x000000000045B000-memory.dmp

      Filesize

      364KB

      Download

    • memory/4828-137-0x0000000000400000-0x000000000045B000-memory.dmp

      Filesize

      364KB

      Download

    • memory/4828-138-0x00000000021F0000-0x000000000224C000-memory.dmp

      Filesize

      368KB

      Download