Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

1854b902ff...fb.exe

windows7-x64

7

1854b902ff...fb.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    146s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 12:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1854b902ff2a62f1b6362d3fcd1aa2fb.exe

  • Size

    296KB

  • MD5

    1854b902ff2a62f1b6362d3fcd1aa2fb

  • SHA1

    d3eace956c49ccfa663ee3b1ee1ca110a917235d

  • SHA256

    1571a63616e7f27d15a77a543471850470910da8a01756b6c0ede4e4c14d7c27

  • SHA512

    e419e14210796686039f4f7663fb0ca366d78f22bb74a67f2be1d8d33e3087667e82d6a8577d8f4db0f1d9c0c3accca05428d48a5c48e445b4d8633b32fc8538

  • SSDEEP

    6144:8N2uZ8tIResASM3FKo+Nj1Y2IR5GqvqT7WT3IptMtgzoS:c2uZ8t2eDL3FKoCFIm0BIwtmoS

Score
8/10
upx

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1854b902ff2a62f1b6362d3fcd1aa2fb.exe
    "C:\Users\Admin\AppData\Local\Temp\1854b902ff2a62f1b6362d3fcd1aa2fb.exe"
    1⤵
    • Drops file in Drivers directory
    • Drops file in Windows directory
    PID:3104
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 216 -ip 216
    1⤵
      PID:656
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 216 -s 12
      1⤵
      • Program crash
      PID:1332
    • C:\Windows\SysWOW64\svchost.exe
      "C:\Windows\system32\svchost.exe" 53971
      1⤵
        PID:216
      • C:\Windows\gbserver.exe
        C:\Windows\gbserver.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:2312

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\gbserver.exe
        Filesize

        296KB

        MD5

        1854b902ff2a62f1b6362d3fcd1aa2fb

        SHA1

        d3eace956c49ccfa663ee3b1ee1ca110a917235d

        SHA256

        1571a63616e7f27d15a77a543471850470910da8a01756b6c0ede4e4c14d7c27

        SHA512

        e419e14210796686039f4f7663fb0ca366d78f22bb74a67f2be1d8d33e3087667e82d6a8577d8f4db0f1d9c0c3accca05428d48a5c48e445b4d8633b32fc8538

        Download Submit

      • C:\Windows\gbserver.exe
        Filesize

        65KB

        MD5

        4ffa58da48e3b6222803774c319d59b5

        SHA1

        13a1aa01ad831c69744f82120e06aa4d3207d8bc

        SHA256

        47b8122e2a67948e9c0b762429c149f2869bc1fd3fdc65fa58d133ee09b18c72

        SHA512

        487951f099ca5004517241ea77ab1441f4af401ac302c84d76a4fa8eba250b4f8aa3aad8c9c2592ebdacf11bfa2fdd5342103b2c04939759d35702625d2d64ad

        Download Submit

      • memory/216-9-0x0000000000400000-0x0000000000497000-memory.dmp

        Filesize

        604KB

        Download

      • memory/2312-7-0x0000000000400000-0x0000000000497000-memory.dmp

        Filesize

        604KB

        Download

      • memory/2312-8-0x0000000000630000-0x0000000000631000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2312-10-0x0000000000400000-0x0000000000497000-memory.dmp

        Filesize

        604KB

        Download

      • memory/3104-0-0x0000000000400000-0x0000000000497000-memory.dmp

        Filesize

        604KB

        Download

      • memory/3104-1-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3104-11-0x0000000000400000-0x0000000000497000-memory.dmp

        Filesize

        604KB

        Download