Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

Payment Invoice.exe

windows7-x64

3

Payment Invoice.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20230824-en
  • resource tags

    arch:x64arch:x86image:win7-20230824-enlocale:en-usos:windows7-x64system
  • submitted
    31/08/2023, 10:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Payment Invoice.exe

  • Size

    838KB

  • MD5

    981ba70a3fdcffd8179106b018bec5af

  • SHA1

    d9a0eed1e76872e09c05a81907bbff1bc26dc947

  • SHA256

    1aa3a55aa9fcb60498c10f1f4a51d4de8fb0428a6b21e8b09ce7f75b45bdfd1c

  • SHA512

    0fab6423f4e6401a0593dd476dbcbce398ef56f3699fa89f8e1ca2772d3f53c8e938fe255d5aaf3875d3ad02c2592f8f19ccdb3ce80f55e509ce2b1b1feccc4f

  • SSDEEP

    12288:cZfOZ1VGG8PfPV4HBfjVpjm2PtHBT6Br21s3wfKSTwga6UaorIcT:YWZ6H398tjVF9thmZp3H1F

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Payment Invoice.exe
    "C:\Users\Admin\AppData\Local\Temp\Payment Invoice.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2092
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 716
      2⤵
      • Program crash
      PID:2180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2092-0-0x00000000749C0000-0x00000000750AE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2092-1-0x0000000000C90000-0x0000000000D66000-memory.dmp

    Filesize

    856KB

    Download

  • memory/2092-2-0x00000000749C0000-0x00000000750AE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2092-3-0x0000000004E80000-0x0000000004EC0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2092-4-0x00000000008C0000-0x00000000008D4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2092-5-0x0000000004E80000-0x0000000004EC0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2092-6-0x00000000008F0000-0x00000000008FE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2092-7-0x0000000005870000-0x0000000005912000-memory.dmp

    Filesize

    648KB

    Download