Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

wall.exe

windows7-x64

7

wall.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    31s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    01/06/2023, 08:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    wall.exe

  • Size

    4.9MB

  • MD5

    014b9db957bdbafe8a48ec5cd4004f0e

  • SHA1

    44ba905cfb83b80bda92553e378eb4600acbea91

  • SHA256

    92f4134cc013553a811aa371570d7e2e66a2537b4eac3dbdeaf0cb5f02e6ec56

  • SHA512

    775e1aa3905a1d01f2ca410b4e942ac8794bef3275057821736ebea755d5315318d7e1fadaca80a1c11f7dc1d527a586748f7ba5cd7201748e431848f079aae8

  • SSDEEP

    98304:MdBY9slh4DJF1QWHc5ymiJA7MNMrL3HW4PD25u:MdBYh+WaaSrLD78

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\wall.exe
    "C:\Users\Admin\AppData\Local\Temp\wall.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1204
    • C:\Users\Admin\AppData\Local\Temp\aafg31.exe
      "C:\Users\Admin\AppData\Local\Temp\aafg31.exe"
      2⤵
      • Executes dropped EXE
      PID:1500
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 888
      2⤵
      • Program crash
      PID:520

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\aafg31.exe
    Filesize

    949KB

    MD5

    35eb44f660dba74a18da3b07a5639d59

    SHA1

    1bc2c80bd7d579c09749cf1e94fcfc886d69f29a

    SHA256

    3c3c81a5e9751c12fd812d7b0279dfe71699a2718e33bce26d941d4d1bd2bb93

    SHA512

    22ddc5052483b429f29719b814e4de2662884bb9bb0e6fd7e3bacd73e3f87cc70d4fdc50213faffc0125bf5b2db0367081fe35ce71070ff5a2550d6d7194757e

    Download Submit

  • memory/1204-54-0x0000000001160000-0x000000000164A000-memory.dmp

    Filesize

    4.9MB

    Download