Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

b51b254b54...4c.exe

windows7-x64

10

b51b254b54...4c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    95s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/11/2022, 16:39 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b51b254b54c4ef3c501cb7516aa6971532b7bf8b86b331cefa77703a181f834c.exe

  • Size

    151KB

  • MD5

    0e4fc68ce6e942038f3dc9d3376f3179

  • SHA1

    4fda41f3189451e6e733584f5988abd60cf501ce

  • SHA256

    b51b254b54c4ef3c501cb7516aa6971532b7bf8b86b331cefa77703a181f834c

  • SHA512

    7b7283b683dc90b6dd0905c5a621947452c2edb1d73e48507961f3dba7fa23777d376aa46d87955d572fbc7639dedc224e286992f58f5b60fdc2481064c751f9

  • SSDEEP

    3072:DLm+P8VzL/p/LwXRtWyOXLvxgWQS84IBNGqSd/:3B89h0RtWyGjxgWvsNGR/

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
    evasion
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 2 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in Program Files directory 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b51b254b54c4ef3c501cb7516aa6971532b7bf8b86b331cefa77703a181f834c.exe
    "C:\Users\Admin\AppData\Local\Temp\b51b254b54c4ef3c501cb7516aa6971532b7bf8b86b331cefa77703a181f834c.exe"
    1⤵
    • Modifies visibility of file extensions in Explorer
    • Adds Run key to start application
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    PID:2004
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 724
      2⤵
      • Program crash
      PID:4912
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2004 -ip 2004
    1⤵
      PID:3448

    Network

      No results found
    • 67.27.154.126:80
      322 B
       7
    • 67.27.154.126:80
      322 B
       7
    • 20.189.173.15:443
      322 B
       7
    • 67.27.154.126:80
      322 B
       7
    • 67.27.154.126:80
      322 B
       7
    • 67.27.154.126:80
      322 B
       7
    No results found

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2004-132-0x0000000000400000-0x0000000000416000-memory.dmp

      Filesize

      88KB

      Download

    • memory/2004-133-0x0000000000400000-0x0000000000416000-memory.dmp

      Filesize

      88KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.