Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

f0ef3105a1...65.exe

windows7-x64

7

f0ef3105a1...65.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    6s
  • max time network
    8s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/05/2023, 21:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f0ef3105a17c7f34aec310f64cbdb865.exe

  • Size

    604KB

  • MD5

    f0ef3105a17c7f34aec310f64cbdb865

  • SHA1

    db3638eeb2ba28983d45cad37091dc24703a63be

  • SHA256

    dcb24b04d4e36b27269c5cd8971167b94587712efc62b04e82f62b0719a64304

  • SHA512

    aed1a398fd07c00489221fefa557bec0734e8b1531f92f555767bbbc6b6f477717f03855c57729869405464eab43a4279de24e87a45b469ae7994df7ece81213

  • SSDEEP

    6144:ZdfbCP2DTb+HdtH9Wd1yxBMf0eVCDs2c9kDwK3bLqpnobns+NOYup6yCwMjyh0XL:Z+2j+Hdsy7MfXVqc9w33Hnw6yCVjq0XL

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f0ef3105a17c7f34aec310f64cbdb865.exe
    "C:\Users\Admin\AppData\Local\Temp\f0ef3105a17c7f34aec310f64cbdb865.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of WriteProcessMemory
    PID:1120
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c embedded.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3924
      • C:\Users\Admin\AppData\Local\Temp\embedded.exe
        embedded.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:552
        • C:\Program Files (x86)\Internet Explorer\iexplore.exe
          "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
          4⤵
            PID:3804
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 408
              5⤵
              • Program crash
              PID:4164
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3804 -ip 3804
      1⤵
        PID:4596

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\embedded.exe
        Filesize

        66KB

        MD5

        140d24af0c2b3a18529df12dfbc5f6de

        SHA1

        e8db5ad2b7ffede3e41b9c3adb24f3232d764931

        SHA256

        4eabb1adc035f035e010c0d0d259c683e18193f509946652ed8aa7c5d92b6a92

        SHA512

        a2ead649f155555ec3e55800494f833d18cea68afe736807ec23b5991242928a0853e451b60894ec8e0abe8c42db341c2237007981f38f0366fd7c6ecafb7415

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\embedded.exe
        Filesize

        66KB

        MD5

        140d24af0c2b3a18529df12dfbc5f6de

        SHA1

        e8db5ad2b7ffede3e41b9c3adb24f3232d764931

        SHA256

        4eabb1adc035f035e010c0d0d259c683e18193f509946652ed8aa7c5d92b6a92

        SHA512

        a2ead649f155555ec3e55800494f833d18cea68afe736807ec23b5991242928a0853e451b60894ec8e0abe8c42db341c2237007981f38f0366fd7c6ecafb7415

        Download Submit

      • memory/552-137-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download