Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    97s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/12/2022, 14:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    430KB

  • MD5

    18d1d7e330e28852b85847f5d6c57d27

  • SHA1

    d23e9d853c20987753287885aa5c6c7bd285be1a

  • SHA256

    67ac34363734fbf78ecceff4d3a5d3c5af8bffc9a5b91cdc2569d2dee3fef93c

  • SHA512

    44748d03240507eca5f11909bb62f57f431d6e66794e720c9185b32c194f4b168f122c1ed515993bda47d1ce235f2b9db8a5e6feaa84c432587859da7d725316

  • SSDEEP

    12288:/VVGDEmmZ8SS680PuLWZZm7m58xaxDPyrbA:/apm2Y80WL2r8xaNPyrc

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4800
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 1664
      2⤵
      • Program crash
      PID:4632
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4800 -ip 4800
    1⤵
      PID:3928

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4800-132-0x000000000070F000-0x0000000000746000-memory.dmp

      Filesize

      220KB

      Download

    • memory/4800-133-0x00000000005C0000-0x0000000000619000-memory.dmp

      Filesize

      356KB

      Download

    • memory/4800-134-0x0000000000400000-0x0000000000471000-memory.dmp

      Filesize

      452KB

      Download

    • memory/4800-135-0x0000000004D40000-0x00000000052E4000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/4800-136-0x00000000052F0000-0x0000000005908000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/4800-137-0x0000000004C80000-0x0000000004C92000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4800-138-0x0000000005910000-0x0000000005A1A000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/4800-139-0x0000000004CA0000-0x0000000004CDC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/4800-140-0x0000000005CA0000-0x0000000005D06000-memory.dmp

      Filesize

      408KB

      Download

    • memory/4800-141-0x0000000006380000-0x0000000006412000-memory.dmp

      Filesize

      584KB

      Download

    • memory/4800-142-0x0000000006420000-0x0000000006496000-memory.dmp

      Filesize

      472KB

      Download

    • memory/4800-143-0x00000000064E0000-0x00000000064FE000-memory.dmp

      Filesize

      120KB

      Download

    • memory/4800-144-0x0000000006590000-0x0000000006752000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/4800-145-0x0000000006780000-0x0000000006CAC000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/4800-146-0x000000000070F000-0x0000000000746000-memory.dmp

      Filesize

      220KB

      Download

    • memory/4800-147-0x0000000000400000-0x0000000000471000-memory.dmp

      Filesize

      452KB

      Download