Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

1

9269.exe

windows10-2004-x64

5

Resubmissions

03/11/2023, 10:41

231103-mrbkwsag37 5

07/08/2023, 03:51

230807-eezsysef4v 5

Analysis

  • max time kernel
    416s
  • max time network
    423s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/11/2023, 10:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9269.exe

  • Size

    1.4MB

  • MD5

    711d8682ec215e6ec5fdbf6acc10240e

  • SHA1

    1786859b2ac480ff5698fad981aec52873b9f21a

  • SHA256

    b245325d21b53f21ee7d6a1a8ed3963fcb89cf9770c3d0476ca0544558eaabc3

  • SHA512

    77b68a54d52b03df21514200b6f34f68b3273e8024f4e528003ea4093fd7f4d3a099962a59283def4e4eadfd7f47eb7c4d798b9215e91f5c2178f66c952083e0

  • SSDEEP

    24576:hXNLeml1gXxVn/r5zmscdv5mQ5UOBrI5fTveb/Jz28wXTJvdx:hXZeml1gXxl5z+LmQvaDebRz28wXTzx

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9269.exe
    "C:\Users\Admin\AppData\Local\Temp\9269.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:3144
    • C:\Windows\SysWOW64\ftp.exe
      "C:\Windows\SysWOW64\ftp.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1668
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 1440
        3⤵
        • Program crash
        PID:1116
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1668 -ip 1668
    1⤵
      PID:248

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\2945636a
      Filesize

      806KB

      MD5

      52db03fcd9bef8ee2e2ea4c4151e2140

      SHA1

      83c9ebb9c4780f9d7b2cddc2bfbd9913688d98d9

      SHA256

      55d42bc3fdfa32312b9f638c42b6bfe326d57070e4667d48997a97963b116485

      SHA512

      9ea7b1e7fae6ea4e03d4d9ff06ffefd581599699f485a0785525db4c253376c7873b0d5f872f091b0feb93da9056920ae7b6b58f2178bc616e7e41233378e86e

      Download Submit

    • memory/1668-3-0x00007FF890F30000-0x00007FF891125000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1668-4-0x0000000003210000-0x0000000004464000-memory.dmp

      Filesize

      18.3MB

      Download

    • memory/1668-6-0x0000000074040000-0x0000000075294000-memory.dmp

      Filesize

      18.3MB

      Download

    • memory/1668-7-0x0000000074040000-0x0000000075294000-memory.dmp

      Filesize

      18.3MB

      Download

    • memory/1668-8-0x0000000003210000-0x0000000004464000-memory.dmp

      Filesize

      18.3MB

      Download

    • memory/3144-0-0x00007FF872370000-0x00007FF8739E7000-memory.dmp

      Filesize

      22.5MB

      Download