Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 121s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20230712-en
- resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
- submitted: 16/08/2023, 09:13
Static task: static1

Behavioral task: behavioral1
- Sample: 1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe
- Resource: win7-20230712-en

Behavioral task: behavioral2
- Sample: 1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe
- Resource: win10v2004-20230703-en
General
- Target: 1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe
- Size: 12.8MB
- MD5: a13dfda2c396dc9856bf8c7093b99433
- SHA1: 72b63ebd1210369f75ea79d3abdb529acfceb1a8
- SHA256: 1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4
- SHA512: 63ed3dfe0159176f3b1ffa27bb2f806c23535f5e3970212b2d9dfcc1713e3fa192e528667d90c12d1fed6d8ca24fe1b4601b5cbb520862d94e5e6bb3a7c8cf49
- SSDEEP: 393216:FbeHpQiKWiZRQVPECeXLzE5LbE6+KZX54rYQnu:FyHl1icVPE7Lz8obK/4rYQ
Malware Config
Signatures
resource | yara_rule
behavioral1/memory/2560-96-0x0000000010000000-0x000000001003E000-memory.dmp | upx
behavioral1/memory/2560-97-0x0000000010000000-0x000000001003E000-memory.dmp | upx
behavioral1/memory/2560-98-0x0000000010000000-0x000000001003E000-memory.dmp | upx
behavioral1/memory/2560-100-0x0000000010000000-0x000000001003E000-memory.dmp | upx
behavioral1/memory/2560-102-0x0000000010000000-0x000000001003E000-memory.dmp | upx
behavioral1/memory/2560-104-0x0000000010000000-0x000000001003E000-memory.dmp | upx
behavioral1/memory/2560-106-0x0000000010000000-0x000000001003E000-memory.dmp | upx
behavioral1/memory/2560-108-0x0000000010000000-0x000000001003E000-memory.dmp | upx
behavioral1/memory/2560-110-0x0000000010000000-0x000000001003E000-memory.dmp | upx
behavioral1/memory/2560-112-0x0000000010000000-0x000000001003E000-memory.dmp | upx
behavioral1/memory/2560-114-0x0000000010000000-0x000000001003E000-memory.dmp | upx
behavioral1/memory/2560-116-0x0000000010000000-0x000000001003E000-memory.dmp | upx
behavioral1/memory/2560-119-0x0000000010000000-0x000000001003E000-memory.dmp | upx
behavioral1/memory/2560-121-0x0000000010000000-0x000000001003E000-memory.dmp | upx
behavioral1/memory/2560-140-0x0000000010000000-0x000000001003E000-memory.dmp | upx

Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoCs)
pid | Process
2560 | 1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe

Program crash (1 IoCs)
pid | pid_target | Process | procid_target
2704 | 2560 | WerFault.exe | 27

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | Process
2560 | 1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe
2560 | 1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe

Suspicious use of SetWindowsHookEx (3 IoCs)
pid | Process
2560 | 1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe
2560 | 1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe
2560 | 1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 2560 wrote to memory of 2704 | 2560 | 1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe | 28
PID 2560 wrote to memory of 2704 | 2560 | 1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe | 28
PID 2560 wrote to memory of 2704 | 2560 | 1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe | 28
PID 2560 wrote to memory of 2704 | 2560 | 1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe | 28
Processes
- C:\Users\Admin\AppData\Local\Temp\1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe"
  PID: 2560
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 324
    PID: 2704
    - Program crash