Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

ffcfef7ba6...e4.exe

windows7-x64

7

ffcfef7ba6...e4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/05/2023, 01:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ffcfef7ba6a9d41f7e9aa171775d542adfa8c0a477818330aca6ed69dc40cae4.exe

  • Size

    3.4MB

  • MD5

    b8178eaf82d4fbfc50b2e160ec5e81b4

  • SHA1

    cc0551d6ff5eb66cff37825895976c8f979425aa

  • SHA256

    ffcfef7ba6a9d41f7e9aa171775d542adfa8c0a477818330aca6ed69dc40cae4

  • SHA512

    577695ac51066cb989c54b798d6718611916211d053cd0b03e926ea399440cc85fa0b75f16df4f506a7564fd86c34b304d21bc17ade93013c0ed6532faee104f

  • SSDEEP

    98304:WRjHbDm4S/2hRd8GS4YmiBnzXREDVoAQK++o7:WR/DmRYkGZKgo37+

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ffcfef7ba6a9d41f7e9aa171775d542adfa8c0a477818330aca6ed69dc40cae4.exe
    "C:\Users\Admin\AppData\Local\Temp\ffcfef7ba6a9d41f7e9aa171775d542adfa8c0a477818330aca6ed69dc40cae4.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3004
    • C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\Eptryroq.dll,start
      2⤵
      • Loads dropped DLL
      PID:2044
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 460
      2⤵
      • Program crash
      PID:1580
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3004 -ip 3004
    1⤵
      PID:3788

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Eptryroq.dll
      Filesize

      3.3MB

      MD5

      82c35594dfc78106100c0e2610b5e066

      SHA1

      aca002a77e832bdc5200d78390754252e704a8c0

      SHA256

      db1f4cf06f60c0a40fb5693ddf47b6dea1ad9545f1faf29d7d081a94b4389aac

      SHA512

      49197f037d6a6616c4260a1a91794e7ee386115d4fad194ec770f3add9eab4e8504a7c896ae7aab80add74e8b8c1e11ccb5521bef5d9ab1829f7592a5e33fd68

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Eptryroq.dll
      Filesize

      3.3MB

      MD5

      82c35594dfc78106100c0e2610b5e066

      SHA1

      aca002a77e832bdc5200d78390754252e704a8c0

      SHA256

      db1f4cf06f60c0a40fb5693ddf47b6dea1ad9545f1faf29d7d081a94b4389aac

      SHA512

      49197f037d6a6616c4260a1a91794e7ee386115d4fad194ec770f3add9eab4e8504a7c896ae7aab80add74e8b8c1e11ccb5521bef5d9ab1829f7592a5e33fd68

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Eptryroq.dll
      Filesize

      3.3MB

      MD5

      82c35594dfc78106100c0e2610b5e066

      SHA1

      aca002a77e832bdc5200d78390754252e704a8c0

      SHA256

      db1f4cf06f60c0a40fb5693ddf47b6dea1ad9545f1faf29d7d081a94b4389aac

      SHA512

      49197f037d6a6616c4260a1a91794e7ee386115d4fad194ec770f3add9eab4e8504a7c896ae7aab80add74e8b8c1e11ccb5521bef5d9ab1829f7592a5e33fd68

      Download Submit

    • memory/2044-143-0x0000000002160000-0x00000000024BB000-memory.dmp

      Filesize

      3.4MB

      Download

    • memory/2044-146-0x0000000002160000-0x00000000024BB000-memory.dmp

      Filesize

      3.4MB

      Download

    • memory/2044-140-0x0000000002A50000-0x0000000002A51000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2044-155-0x0000000002160000-0x00000000024BB000-memory.dmp

      Filesize

      3.4MB

      Download

    • memory/2044-142-0x0000000002160000-0x00000000024BB000-memory.dmp

      Filesize

      3.4MB

      Download

    • memory/2044-154-0x0000000002160000-0x00000000024BB000-memory.dmp

      Filesize

      3.4MB

      Download

    • memory/2044-145-0x0000000002160000-0x00000000024BB000-memory.dmp

      Filesize

      3.4MB

      Download

    • memory/2044-139-0x0000000002160000-0x00000000024BB000-memory.dmp

      Filesize

      3.4MB

      Download

    • memory/2044-148-0x0000000002160000-0x00000000024BB000-memory.dmp

      Filesize

      3.4MB

      Download

    • memory/2044-149-0x0000000002160000-0x00000000024BB000-memory.dmp

      Filesize

      3.4MB

      Download

    • memory/2044-150-0x0000000002160000-0x00000000024BB000-memory.dmp

      Filesize

      3.4MB

      Download

    • memory/2044-151-0x0000000002160000-0x00000000024BB000-memory.dmp

      Filesize

      3.4MB

      Download

    • memory/2044-152-0x0000000002160000-0x00000000024BB000-memory.dmp

      Filesize

      3.4MB

      Download

    • memory/3004-134-0x0000000002DD0000-0x00000000032EB000-memory.dmp

      Filesize

      5.1MB

      Download

    • memory/3004-141-0x0000000000400000-0x0000000000C31000-memory.dmp

      Filesize

      8.2MB

      Download