Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

1812c273ec...c4.exe

windows7-x64

7

1812c273ec...c4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    16/08/2023, 09:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe

  • Size

    12.8MB

  • MD5

    a13dfda2c396dc9856bf8c7093b99433

  • SHA1

    72b63ebd1210369f75ea79d3abdb529acfceb1a8

  • SHA256

    1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4

  • SHA512

    63ed3dfe0159176f3b1ffa27bb2f806c23535f5e3970212b2d9dfcc1713e3fa192e528667d90c12d1fed6d8ca24fe1b4601b5cbb520862d94e5e6bb3a7c8cf49

  • SSDEEP

    393216:FbeHpQiKWiZRQVPECeXLzE5LbE6+KZX54rYQnu:FyHl1icVPE7Lz8obK/4rYQ

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 15 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe
    "C:\Users\Admin\AppData\Local\Temp\1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2560
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 324
      2⤵
      • Program crash
      PID:2704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2560-56-0x0000000000400000-0x0000000001E3C000-memory.dmp

    Filesize

    26.2MB

    Download

  • memory/2560-57-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2560-54-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2560-59-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2560-60-0x0000000000250000-0x0000000000251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2560-62-0x0000000000400000-0x0000000001E3C000-memory.dmp

    Filesize

    26.2MB

    Download

  • memory/2560-63-0x0000000000250000-0x0000000000251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2560-65-0x0000000000250000-0x0000000000251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2560-68-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2560-73-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2560-70-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2560-75-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2560-78-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2560-80-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2560-83-0x00000000002D0000-0x00000000002D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2560-85-0x00000000002D0000-0x00000000002D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2560-86-0x00000000002E0000-0x00000000002E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2560-88-0x00000000002E0000-0x00000000002E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2560-90-0x00000000002E0000-0x00000000002E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2560-94-0x0000000000400000-0x0000000001E3C000-memory.dmp

    Filesize

    26.2MB

    Download

  • memory/2560-95-0x0000000000400000-0x0000000001E3C000-memory.dmp

    Filesize

    26.2MB

    Download

  • memory/2560-96-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2560-97-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2560-98-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2560-100-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2560-102-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2560-104-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2560-106-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2560-108-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2560-110-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2560-112-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2560-114-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2560-116-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2560-119-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2560-121-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2560-140-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download