Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

fewvc.exe

windows7-x64

7

fewvc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231025-en
  • resource tags

    arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
  • submitted
    25/11/2023, 09:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fewvc.exe

  • Size

    2.4MB

  • MD5

    7f133f61ef64cf914cbe0996ee79f85a

  • SHA1

    4320f2f9f0aac2051746d9ddbae1ce22500c8af7

  • SHA256

    20c157bf9063d14ab2f9fad5145f0c3b2be477244f8e41b9000aa6c7a3d35325

  • SHA512

    0c0fab19ae73338dd7d30e153c71640ec274dc2d3de1c98aacc49e5f7ded1bca4e73befb17aeb5b24827647cc13bbe0357fa9b00c8279e0a14b164fd4cfd81a3

  • SSDEEP

    49152:WA+x6nPIDKFLlhIzMHBd0CFwk84djYfyZ8ZUIphw5vsJJ:W5x6ng+0CCk84808l8sJ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fewvc.exe
    "C:\Users\Admin\AppData\Local\Temp\fewvc.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2916
    • C:\Windows\u37.exe
      C:\Windows\u37.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2256
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 2256 -s 1212
        3⤵
          PID:2628

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\u37.exe
      Filesize

      1.7MB

      MD5

      2e6a09a6d8e8c20e288a30d4538bf82d

      SHA1

      e00e7e628c3ac85d87e80e40bc1f15eed561adca

      SHA256

      8e9464fd79e0eb65e7c5e228362695f7e2d97f7f42d0b112f91ba68350cc46fa

      SHA512

      2c64cf78825b3090980abce679aada84835d24aaebb10c125af550d215881f0d6b23832fa2f0e27d46cad4bb9aa840384c31a8c2e224458793b6458407924579

      Download Submit

    • C:\Windows\u37.exe
      Filesize

      1.7MB

      MD5

      2e6a09a6d8e8c20e288a30d4538bf82d

      SHA1

      e00e7e628c3ac85d87e80e40bc1f15eed561adca

      SHA256

      8e9464fd79e0eb65e7c5e228362695f7e2d97f7f42d0b112f91ba68350cc46fa

      SHA512

      2c64cf78825b3090980abce679aada84835d24aaebb10c125af550d215881f0d6b23832fa2f0e27d46cad4bb9aa840384c31a8c2e224458793b6458407924579

      Download Submit

    • memory/2256-4-0x00000000009C0000-0x0000000000B78000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/2256-5-0x000007FEF5CA0000-0x000007FEF668C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2256-6-0x000000001C2D0000-0x000000001C4B4000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/2256-7-0x000000001BC90000-0x000000001BD10000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2256-8-0x000007FEF5CA0000-0x000007FEF668C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2256-9-0x000000001BC90000-0x000000001BD10000-memory.dmp

      Filesize

      512KB

      Download