Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

08f0b53dc7...a2.exe

windows7-x64

1

08f0b53dc7...a2.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    7s
  • max time network
    113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 00:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    08f0b53dc7192fed34208175e5d953a2.exe

  • Size

    576KB

  • MD5

    08f0b53dc7192fed34208175e5d953a2

  • SHA1

    05adcda4a2534bf145138e3913a13eb4c5cdd219

  • SHA256

    063fecd8ee754e982ff7ce9ed83b7fe7382dd7c9f24ae3ab63dd2308117bacea

  • SHA512

    95ce41d572d622e4615dc76bdf618b5d948a7ce8453194149fb2b75cfcfd4b5c6cad57de3a33d4bb028549e55cf3762fccd41cabaee539fc9d53dccf4eece6d3

  • SSDEEP

    6144:4BCAAZBSZ4x6mnRCZkkFkIMakKbdWIz6CXkyh7liuxCq+zbc83Cbbbb2cThZzNgS:4BCg48mRYESLxqzN32bb2cXavA0T/eP1

Score
3/10

Malware Config

Signatures

  • Program crash 3 IoCs
  • Suspicious use of UnmapMainImage 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\08f0b53dc7192fed34208175e5d953a2.exe
    "C:\Users\Admin\AppData\Local\Temp\08f0b53dc7192fed34208175e5d953a2.exe"
    1⤵
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3644
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 524
      2⤵
      • Program crash
      PID:1356
    • C:\Users\Admin\AppData\Local\Temp\08f0b53dc7192fed34208175e5d953a2.exe
      watch
      2⤵
      • Suspicious use of UnmapMainImage
      PID:3912
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 492
        3⤵
        • Program crash
        PID:1468
    • C:\Users\Admin\AppData\Local\Temp\08f0b53dc7192fed34208175e5d953a2.exe
      start
      2⤵
      • Suspicious use of UnmapMainImage
      PID:4900
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 492
        3⤵
        • Program crash
        PID:4472
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3644 -ip 3644
    1⤵
      PID:1200
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4900 -ip 4900
      1⤵
        PID:4684
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 3912 -ip 3912
        1⤵
          PID:2452

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/3644-0-0x000000007FE30000-0x000000007FE4F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3644-1-0x0000000000400000-0x000000000048F000-memory.dmp

          Filesize

          572KB

          Download

        • memory/3644-2-0x0000000000400000-0x000000000048F000-memory.dmp

          Filesize

          572KB

          Download

        • memory/3912-3-0x0000000000400000-0x000000000048F000-memory.dmp

          Filesize

          572KB

          Download

        • memory/3912-6-0x0000000000400000-0x000000000048F000-memory.dmp

          Filesize

          572KB

          Download

        • memory/4900-4-0x0000000000400000-0x000000000048F000-memory.dmp

          Filesize

          572KB

          Download

        • memory/4900-5-0x0000000000400000-0x000000000048F000-memory.dmp

          Filesize

          572KB

          Download