Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

4d8b266dd6...20.exe

windows7-x64

8

4d8b266dd6...20.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    164s
  • max time network
    172s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/11/2022, 09:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4d8b266dd6838aefd4c9110c9371d747cb9c2fcc2338ef0f628e3c43630ede20.exe

  • Size

    541KB

  • MD5

    00c60e1945d9584792f3691b82378bd0

  • SHA1

    1a3c59f04840e88c8574156571fe9473d4d1e73f

  • SHA256

    4d8b266dd6838aefd4c9110c9371d747cb9c2fcc2338ef0f628e3c43630ede20

  • SHA512

    e501057cf6120aaeba933897c5208897e9b00b41f34e2c1e69ec75754daf6c8a7b2e83edc7d8c4c42b4cf2c095311f428ee63e99dde78a154fec333839e6d8cf

  • SSDEEP

    12288:Iu3URWtsYf8PemjE8h0UxH9ND6fvhMrf1seW2/ag2nR:IkQe8PemjTh0Ul/8vh+qUAR

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4d8b266dd6838aefd4c9110c9371d747cb9c2fcc2338ef0f628e3c43630ede20.exe
    "C:\Users\Admin\AppData\Local\Temp\4d8b266dd6838aefd4c9110c9371d747cb9c2fcc2338ef0f628e3c43630ede20.exe"
    1⤵
    • Drops file in Program Files directory
    PID:4776
  • C:\PROGRA~3\Mozilla\znblaln.exe
    C:\PROGRA~3\Mozilla\znblaln.exe -irlyaih
    1⤵
    • Executes dropped EXE
    PID:4424
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 440
      2⤵
      • Program crash
      PID:2408
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4424 -ip 4424
    1⤵
      PID:4304

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\PROGRA~3\Mozilla\znblaln.exe
      Filesize

      541KB

      MD5

      75a7e43e710eb94fc749515ee6566fa7

      SHA1

      f3dadd37cdc9d758f3e0ee7371bd43ea3b7b6745

      SHA256

      2a7261e147e8240ba12f5be701d56c045e6dbd3728efe3866bfc3032cc565b0f

      SHA512

      020dc24cfcc46e3cae8f227eed3b62d12db03c479e8fa88552ba1e88a6c56dda84469fbb90da0147deb56c1aae7bce066174d2fa241dbb4363fafa3d6811867e

      Download Submit

    • C:\ProgramData\Mozilla\znblaln.exe
      Filesize

      541KB

      MD5

      75a7e43e710eb94fc749515ee6566fa7

      SHA1

      f3dadd37cdc9d758f3e0ee7371bd43ea3b7b6745

      SHA256

      2a7261e147e8240ba12f5be701d56c045e6dbd3728efe3866bfc3032cc565b0f

      SHA512

      020dc24cfcc46e3cae8f227eed3b62d12db03c479e8fa88552ba1e88a6c56dda84469fbb90da0147deb56c1aae7bce066174d2fa241dbb4363fafa3d6811867e

      Download Submit

    • memory/4424-137-0x0000000000C10000-0x0000000000C6B000-memory.dmp

      Filesize

      364KB

      Download

    • memory/4776-132-0x00000000020B0000-0x000000000210B000-memory.dmp

      Filesize

      364KB

      Download

    • memory/4776-133-0x0000000000400000-0x000000000045B000-memory.dmp

      Filesize

      364KB

      Download

    • memory/4776-136-0x0000000000400000-0x000000000045B000-memory.dmp

      Filesize

      364KB

      Download