Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

b469bf6f3c...ab.exe

windows7-x64

7

b469bf6f3c...ab.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    197s
  • max time network
    201s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/12/2022, 21:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b469bf6f3cffc6ebc1448744adf298c97b2d970b23c220943a3e9327202166ab.exe

  • Size

    429KB

  • MD5

    e7e88c89b74034e8164640db5bd406c7

  • SHA1

    b1464e8ffe65265f60bce1119c58834448bc91cd

  • SHA256

    b469bf6f3cffc6ebc1448744adf298c97b2d970b23c220943a3e9327202166ab

  • SHA512

    7157c65fee6867c57863e8f6447374d284d2d75d8211b29fe23282075f09dc6c59ce763d46b515fb43e08e845df36346799fae9dac4570f565bef92d6bb588aa

  • SSDEEP

    1536:cHb2FTOaRIrHRgl7D7AFysbP0DOIqxLcakr/6W4j752aR1p/WVHJq:c72Bmxu/A4sD0DOb4aM4Bhh2HY

Score
7/10
persistence

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of WriteProcessMemory 1 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:2720
      • C:\Users\Admin\AppData\Local\Temp\b469bf6f3cffc6ebc1448744adf298c97b2d970b23c220943a3e9327202166ab.exe
        "C:\Users\Admin\AppData\Local\Temp\b469bf6f3cffc6ebc1448744adf298c97b2d970b23c220943a3e9327202166ab.exe"
        2⤵
        • Loads dropped DLL
        • Adds Run key to start application
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1376
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 388
          3⤵
          • Program crash
          PID:320
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 1376 -ip 1376
      1⤵
        PID:4892

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\cvasds0.dll
        Filesize

        79KB

        MD5

        955250b10d8f30ba40abd128d9d7d9f7

        SHA1

        888c2944f81b7f1a6d764237b842fece9e41aa49

        SHA256

        d6bc2d7ba343bfe52415727fcb7aa568e184fa0fd0fd89a367e18ff218bb63e6

        SHA512

        dfcaa5a577de599e61c148b14705c18d60e820c717a716aafcc6c59d290946f170668c59ebd30dd90fdc774bbb3173ceb14b49eb26506919740d0069e95fdb42

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\cvasds0.dll
        Filesize

        79KB

        MD5

        955250b10d8f30ba40abd128d9d7d9f7

        SHA1

        888c2944f81b7f1a6d764237b842fece9e41aa49

        SHA256

        d6bc2d7ba343bfe52415727fcb7aa568e184fa0fd0fd89a367e18ff218bb63e6

        SHA512

        dfcaa5a577de599e61c148b14705c18d60e820c717a716aafcc6c59d290946f170668c59ebd30dd90fdc774bbb3173ceb14b49eb26506919740d0069e95fdb42

        Download Submit

      • memory/1376-132-0x0000000000400000-0x000000000046D000-memory.dmp

        Filesize

        436KB

        Download

      • memory/1376-135-0x0000000010000000-0x0000000010068000-memory.dmp

        Filesize

        416KB

        Download

      • memory/1376-136-0x0000000010000000-0x0000000010068000-memory.dmp

        Filesize

        416KB

        Download