Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

1

winprofile

windows7-x64

5

winprofile

windows10-1703-x64

5

Analysis

  • max time kernel
    287s
  • max time network
    292s
  • platform
    windows10-1703_x64
  • resource
    win10-20231129-en
  • resource tags

    arch:x64arch:x86image:win10-20231129-enlocale:en-usos:windows10-1703-x64system
  • submitted
    11/12/2023, 05:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e72126642733836ed79620109977a2baa56343ba67a5d9883685f61ee0a268a7.exe

  • Size

    1.1MB

  • MD5

    6984a69d5a7085d3fe479a9238c4bc54

  • SHA1

    44fe18bc3439ee28d769b309a156ac4d03abcc70

  • SHA256

    e72126642733836ed79620109977a2baa56343ba67a5d9883685f61ee0a268a7

  • SHA512

    b204984efafc10c104d10f6e52c33e13410d9b1b668b0cdee10bafd1b0c9e50c8a326d86f014a840bff791783ebec848acb8f2243b1531d96c5bf3a15c834966

  • SSDEEP

    24576:BrvpJHGfy4jWG4mFcISb1hSmQ15AGfiiR:Bd4jWG4mFcIQ1mvAGR

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    1⤵
      PID:3220
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 304
      1⤵
      • Program crash
      PID:4676
    • C:\Users\Admin\AppData\Local\Temp\e72126642733836ed79620109977a2baa56343ba67a5d9883685f61ee0a268a7.exe
      "C:\Users\Admin\AppData\Local\Temp\e72126642733836ed79620109977a2baa56343ba67a5d9883685f61ee0a268a7.exe"
      1⤵
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:1444

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3220-0-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/3220-4-0x0000000073BA0000-0x000000007428E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/3220-5-0x0000000006DB0000-0x0000000006DC0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3220-8-0x0000000009340000-0x000000000944A000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/3220-7-0x0000000006DC0000-0x0000000006DD2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/3220-9-0x0000000009270000-0x00000000092AE000-memory.dmp

      Filesize

      248KB

      Download

    • memory/3220-6-0x0000000009840000-0x0000000009E46000-memory.dmp

      Filesize

      6.0MB

      Download

    • memory/3220-10-0x00000000092B0000-0x00000000092FB000-memory.dmp

      Filesize

      300KB

      Download

    • memory/3220-27-0x0000000073BA0000-0x000000007428E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/3220-34-0x0000000006DB0000-0x0000000006DC0000-memory.dmp

      Filesize

      64KB

      Download