Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    118s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    15/10/2023, 19:51

General

  • Target

    fe6a7d3df9487a5b4de3f343365a4d40_exe32.exe

  • Size

    250KB

  • MD5

    fe6a7d3df9487a5b4de3f343365a4d40

  • SHA1

    e7e29c4c00cb8d4888260978c8ed97c10dd5eb2a

  • SHA256

    84aa81d5ffe2f816c1b24ebb264af1657ba67c6b524589e6f25a7850aeb9e4fc

  • SHA512

    f17e52d129906d52aabad8d7471bdbb1ec3857235a36501ce2a62939299ea28afce2f9c63480ea8a0decac5c81b53554f8592a00e20da88feb229eff6c4aa5f9

  • SSDEEP

    3072:AX1/MVID9mJCu4njCnaRdsSqX656NzLPT2U/z59Q7:AuCVucCnud5I/2Uw7

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fe6a7d3df9487a5b4de3f343365a4d40_exe32.exe
    "C:\Users\Admin\AppData\Local\Temp\fe6a7d3df9487a5b4de3f343365a4d40_exe32.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 476
      2⤵
      • Program crash
      PID:1688

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads