Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    96s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/01/2023, 06:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    359KB

  • MD5

    e28fc33a47b3d4fe5fec251e150e25f5

  • SHA1

    ed5157dec23a4c090f54e47472860954a4a5b668

  • SHA256

    ed721a41422d26863907809151b3e5ec95599c22427ba3a311b9763b1c8bc8a1

  • SHA512

    4511e66a05dbe2f462c54a194bd62205367246272c9ca60d1bcffb837697b3cb1678258290d4e2cf421d3568acacab514b24e12044d19af2ecc30b4f9a25eea7

  • SSDEEP

    6144:5DsGuLJuZclxTWOTiwThJpOSvDG0E1MctJykcRp:5DsGutuZ6xThiwThJpOSrG/icDy5R

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4904
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 1268
      2⤵
      • Program crash
      PID:1044
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4904 -ip 4904
    1⤵
      PID:4448

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4904-132-0x0000000002EE9000-0x0000000002F20000-memory.dmp

      Filesize

      220KB

      Download

    • memory/4904-133-0x0000000002E60000-0x0000000002EB9000-memory.dmp

      Filesize

      356KB

      Download

    • memory/4904-134-0x0000000000400000-0x0000000002BC2000-memory.dmp

      Filesize

      39.8MB

      Download

    • memory/4904-135-0x0000000007540000-0x0000000007AE4000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/4904-136-0x0000000007AF0000-0x0000000008108000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/4904-137-0x00000000073D0000-0x00000000073E2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4904-138-0x00000000073F0000-0x00000000074FA000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/4904-139-0x0000000008110000-0x000000000814C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/4904-140-0x00000000083F0000-0x0000000008482000-memory.dmp

      Filesize

      584KB

      Download

    • memory/4904-141-0x0000000008490000-0x00000000084F6000-memory.dmp

      Filesize

      408KB

      Download

    • memory/4904-142-0x0000000008B70000-0x0000000008BE6000-memory.dmp

      Filesize

      472KB

      Download

    • memory/4904-143-0x0000000008C30000-0x0000000008C4E000-memory.dmp

      Filesize

      120KB

      Download

    • memory/4904-144-0x0000000008CF0000-0x0000000008EB2000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/4904-145-0x0000000008ED0000-0x00000000093FC000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/4904-146-0x0000000002EE9000-0x0000000002F20000-memory.dmp

      Filesize

      220KB

      Download

    • memory/4904-147-0x0000000000400000-0x0000000002BC2000-memory.dmp

      Filesize

      39.8MB

      Download

    • memory/4904-148-0x0000000000400000-0x0000000002BC2000-memory.dmp

      Filesize

      39.8MB

      Download