Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

d99be0ea7f...e6.exe

windows7-x64

7

d99be0ea7f...e6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 15:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d99be0ea7f5f5eb516eba5eedf3392e6.exe

  • Size

    1003KB

  • MD5

    d99be0ea7f5f5eb516eba5eedf3392e6

  • SHA1

    84ffb6f30a73ced7bb7176d76509a0102c798bf8

  • SHA256

    2bf0c7cd57791d2eb65096e323281f8d58949646c9aa11c1df1707b499d86f00

  • SHA512

    eaaa9b9dc4841629e033b13b848b56d5c4bd30901a3f1f7e1040b02de1e17f1c10fd7d69923a6d2cdef1778d0d954901e0143f73fa673dcf45bb4c4f802f122e

  • SSDEEP

    24576:dgdhhQGGniba/WPpuvlBEaneHueYQFSMdEkSg1oAZG:dqj5s8+elYQFSMwgFG

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d99be0ea7f5f5eb516eba5eedf3392e6.exe
    "C:\Users\Admin\AppData\Local\Temp\d99be0ea7f5f5eb516eba5eedf3392e6.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:3948
    • C:\Program Files (x86)\vt\bwfw.exe
      "C:\Program Files (x86)\vt\bwfw.exe"
      2⤵
      • Executes dropped EXE
      PID:2308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\vt\bwfw.exe
    Filesize

    6KB

    MD5

    a8d4226635e599ef808cef63f980c834

    SHA1

    a6c5f7f51f6954d79c7e8fba722a28ea02b0c1c3

    SHA256

    b35c1a1af197e1178cd58f894b03ffcbbff4134a765e9a57e025831b41915dfb

    SHA512

    53648352b343daaacb0068c8cf4f2a6ccf3425e3bdec066dd0af88251120cf5cfc7d1396627d93238a9f90ae53b9b0e762c738aa7bfaed2e0903b78cb14ec0a9

    Download Submit

  • C:\Program Files (x86)\vt\bwfw.exe
    Filesize

    47KB

    MD5

    df7a0be585d9f4e593eed308e9d90255

    SHA1

    b39da7bc5424d92aefc8818c7ec07e9ea8a3a939

    SHA256

    f91c13991fffe14f3981e488f9d74e0c893f669d77d60fe9bd3c4e67a86ec741

    SHA512

    03d795e861d5acbc0ea054dffb57db18b5ac3ee4937146b6b730ab779c708fbc54360f42707db42254e625a87bed6561b97b870b41e5bea96a4ff2b63844af96

    Download Submit

  • memory/2308-5-0x0000000000400000-0x000000000045A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/3948-3-0x0000000000400000-0x000000000045A000-memory.dmp

    Filesize

    360KB

    Download