Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

646eabe027...2b.exe

windows7-x64

8

646eabe027...2b.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    185s
  • max time network
    191s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/10/2022, 03:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    646eabe0272411cc8e35ebfa1abe2af2a652a20b6f2de3b8a50fc78e9c92942b.exe

  • Size

    440KB

  • MD5

    81875945823c63fa24fb0929a71931fd

  • SHA1

    55a773138057a1d077683881834e03f1ec4d6d10

  • SHA256

    646eabe0272411cc8e35ebfa1abe2af2a652a20b6f2de3b8a50fc78e9c92942b

  • SHA512

    47ab171dca24b6446b4f5aa57621841a75d24aeb36e4f48a970768462e9a2256ee0ab8b9b5b78ce2eee9a433f4e7910712ed6a976d4cc303310d8139379c7fc8

  • SSDEEP

    12288:NMTi0uhMqe9ts2zWTpMmCG7F24jLZivYuWO:JXJTpMm7FLZih

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\646eabe0272411cc8e35ebfa1abe2af2a652a20b6f2de3b8a50fc78e9c92942b.exe
    "C:\Users\Admin\AppData\Local\Temp\646eabe0272411cc8e35ebfa1abe2af2a652a20b6f2de3b8a50fc78e9c92942b.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1968
    • C:\Users\Admin\AppData\Local\Temp\646eabe0272411cc8e35ebfa1abe2af2a652a20b6f2de3b8a50fc78e9c92942bmgr.exe
      C:\Users\Admin\AppData\Local\Temp\646eabe0272411cc8e35ebfa1abe2af2a652a20b6f2de3b8a50fc78e9c92942bmgr.exe
      2⤵
      • Executes dropped EXE
      PID:4144
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 264
        3⤵
        • Program crash
        PID:1912
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4144 -ip 4144
    1⤵
      PID:4704

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\646eabe0272411cc8e35ebfa1abe2af2a652a20b6f2de3b8a50fc78e9c92942bmgr.exe
      Filesize

      185KB

      MD5

      650ab7eb4b14cdc873c1db41178ff9fb

      SHA1

      bcf7c69f507935d452b496075fb776e53e19a5eb

      SHA256

      a2577db82e69062adb13f810de7da3dcfd80af1682abcd0279fe2e6e59802de2

      SHA512

      b6a1d23e4a036164472c8e1aaa7ddfd6fc3027231b5c983137e404be81c28175a3f2c2b07bc7029e5588b5559c2de74299d6c24d6e71bc33960c02befa3ce4d1

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\646eabe0272411cc8e35ebfa1abe2af2a652a20b6f2de3b8a50fc78e9c92942bmgr.exe
      Filesize

      185KB

      MD5

      650ab7eb4b14cdc873c1db41178ff9fb

      SHA1

      bcf7c69f507935d452b496075fb776e53e19a5eb

      SHA256

      a2577db82e69062adb13f810de7da3dcfd80af1682abcd0279fe2e6e59802de2

      SHA512

      b6a1d23e4a036164472c8e1aaa7ddfd6fc3027231b5c983137e404be81c28175a3f2c2b07bc7029e5588b5559c2de74299d6c24d6e71bc33960c02befa3ce4d1

      Download Submit

    • memory/1968-132-0x0000000000400000-0x000000000046F000-memory.dmp

      Filesize

      444KB

      Download

    • memory/1968-136-0x0000000000400000-0x000000000046F000-memory.dmp

      Filesize

      444KB

      Download

    • memory/4144-137-0x0000000000400000-0x0000000000471000-memory.dmp

      Filesize

      452KB

      Download