Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

fewvc.exe

windows7-x64

7

fewvc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/11/2023, 09:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fewvc.exe

  • Size

    2.4MB

  • MD5

    7f133f61ef64cf914cbe0996ee79f85a

  • SHA1

    4320f2f9f0aac2051746d9ddbae1ce22500c8af7

  • SHA256

    20c157bf9063d14ab2f9fad5145f0c3b2be477244f8e41b9000aa6c7a3d35325

  • SHA512

    0c0fab19ae73338dd7d30e153c71640ec274dc2d3de1c98aacc49e5f7ded1bca4e73befb17aeb5b24827647cc13bbe0357fa9b00c8279e0a14b164fd4cfd81a3

  • SSDEEP

    49152:WA+x6nPIDKFLlhIzMHBd0CFwk84djYfyZ8ZUIphw5vsJJ:W5x6ng+0CCk84808l8sJ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fewvc.exe
    "C:\Users\Admin\AppData\Local\Temp\fewvc.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4256
    • C:\Windows\9t.exe
      C:\Windows\9t.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:5012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\9t.exe
    Filesize

    1.7MB

    MD5

    61d9e025b8c4ad606a72f2a6b99bbfd8

    SHA1

    49d6aee652ab37d965a994a154a0bd0d52638397

    SHA256

    27bbd93f7d0716fbe1a95ad8dcb25cdb735367b4d11f296aefbf21d7dd515214

    SHA512

    0c615dcb34d651b2407113a98f73853c005b4b5f1d85eba605e829efef9a75397cb903458f0a7972308ca56333b35a96e33a3c008a8dd299458936a4f42ac0c7

    Download Submit

  • C:\Windows\9t.exe
    Filesize

    1.7MB

    MD5

    61d9e025b8c4ad606a72f2a6b99bbfd8

    SHA1

    49d6aee652ab37d965a994a154a0bd0d52638397

    SHA256

    27bbd93f7d0716fbe1a95ad8dcb25cdb735367b4d11f296aefbf21d7dd515214

    SHA512

    0c615dcb34d651b2407113a98f73853c005b4b5f1d85eba605e829efef9a75397cb903458f0a7972308ca56333b35a96e33a3c008a8dd299458936a4f42ac0c7

    Download Submit

  • memory/5012-4-0x000001D404910000-0x000001D404AC8000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/5012-5-0x00007FFDF8E70000-0x00007FFDF9931000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/5012-6-0x000001D41F0D0000-0x000001D41F2B4000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/5012-7-0x000001D41F080000-0x000001D41F090000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5012-8-0x00007FFDF8E70000-0x00007FFDF9931000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/5012-9-0x000001D41F080000-0x000001D41F090000-memory.dmp

    Filesize

    64KB

    Download