Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/12/2022, 19:07

General

  • Target

    e435664f2cefca1153f662887fcb6656772f1f7f56bfb40680686dbf5a6c0d3e.exe

  • Size

    133KB

  • MD5

    aafef404650287c7c279ff33826186ee

  • SHA1

    925994f9355d7ace89e3482816aade99525b51f3

  • SHA256

    e435664f2cefca1153f662887fcb6656772f1f7f56bfb40680686dbf5a6c0d3e

  • SHA512

    c2466ec91bab2cf714d006d9235c5351ac581b612e114012656ceff198bde6d0a7719e5e9a54a204f1ddaedf311db3608d799ef53bef630bc8b869a4320b1416

  • SSDEEP

    768:X+RFmnbfWDut1vC+bHyBtMLNe28DUMaV9NvSEqf/Z+:ORFyWuq+bHyBtMLX8DUjVzFqM

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 5 IoCs
  • Program crash 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e435664f2cefca1153f662887fcb6656772f1f7f56bfb40680686dbf5a6c0d3e.exe
    "C:\Users\Admin\AppData\Local\Temp\e435664f2cefca1153f662887fcb6656772f1f7f56bfb40680686dbf5a6c0d3e.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:4368
    • C:\Windows\SysWOW64\ntldr.exe
      "C:\Windows\system32\ntldr.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      PID:4636
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 376
        3⤵
        • Program crash
        PID:2268
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 408
      2⤵
      • Program crash
      PID:2620
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 200 -p 4368 -ip 4368
    1⤵
      PID:5080
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4636 -ip 4636
      1⤵
        PID:5088

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\SysWOW64\ntldr.exe

        Filesize

        28KB

        MD5

        80f9290f521afce325d362ee877acf62

        SHA1

        04b7ba722b02dbd7d0df092cdfca61474537af2f

        SHA256

        8d2a997f844c4ced9fe35154ea7467e8183f3d2aba6e1532bb60b87820cbedf4

        SHA512

        27c53cd7b961c836e5d71041803a103fb371e4e26b7ac62d97ecbb0b5a702a689c9159bcf7a050d0256354b582b9a8c4c1aaebc58906e2bcd7e95065aef484be

      • C:\Windows\SysWOW64\ntldr.exe

        Filesize

        28KB

        MD5

        80f9290f521afce325d362ee877acf62

        SHA1

        04b7ba722b02dbd7d0df092cdfca61474537af2f

        SHA256

        8d2a997f844c4ced9fe35154ea7467e8183f3d2aba6e1532bb60b87820cbedf4

        SHA512

        27c53cd7b961c836e5d71041803a103fb371e4e26b7ac62d97ecbb0b5a702a689c9159bcf7a050d0256354b582b9a8c4c1aaebc58906e2bcd7e95065aef484be