Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
106s -
max time network
184s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
27/11/2022, 15:51
Static task
static1
Behavioral task
behavioral1
Sample
719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe
Resource
win10v2004-20220812-en
General
-
Target
719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe
-
Size
2.1MB
-
MD5
be3413973638497cee168f91871d2a9e
-
SHA1
1006e94a58979e462f5a6dc4aae6ff746f6c7bff
-
SHA256
719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087
-
SHA512
e49bab5a73b947da3a9aebddd924bcd5081292d0addf6b1c679f78aad488421af1f4cc6cfae6e195c6b6894405be36c0bd2d806b67a8ff5e2dbc063af9ca4fc8
-
SSDEEP
49152:twgU3vY6JkzSXAjbYPicgTUbBQ9EhLFwf9rNJwdeH+PaCnMuG:DU3rJkzSQwqc/ZwFrNGkHmaCnMf
Malware Config
Signatures
-
resource yara_rule behavioral2/memory/2176-1487-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/2176-1490-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/2176-1489-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/2176-1491-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/2176-1494-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/2176-1492-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/2176-1496-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/2176-1498-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/2176-1502-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/2176-1504-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/2176-1500-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/2176-1508-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/2176-1506-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/2176-1510-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/2176-1512-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/2176-1514-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/2176-1516-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/2176-1518-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/2176-1520-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/2176-1522-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/2176-1528-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/2176-1526-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/2176-1524-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/2176-1530-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/2176-1533-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/2176-1535-0x0000000010000000-0x000000001003E000-memory.dmp upx -
Suspicious use of NtSetInformationThreadHideFromDebugger 13 IoCs
pid Process 2176 719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe 2176 719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe 2176 719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe 2176 719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe 2176 719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe 2176 719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe 2176 719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe 2176 719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe 2176 719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe 2176 719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe 2176 719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe 2176 719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe 2176 719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe -
Program crash 1 IoCs
pid pid_target Process procid_target 2340 2176 WerFault.exe 24 -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 2176 719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe 2176 719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe 2176 719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe"C:\Users\Admin\AppData\Local\Temp\719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:2176 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 17242⤵
- Program crash
PID:2340
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2176 -ip 21761⤵PID:2276