Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

427d97f388...2b.exe

windows7-x64

8

427d97f388...2b.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/01/2024, 02:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    427d97f388c33ce479c3ccc095e2402b.exe

  • Size

    16KB

  • MD5

    427d97f388c33ce479c3ccc095e2402b

  • SHA1

    a35c6ccd5c5810f5be57420e18789e31cf6b82cb

  • SHA256

    7d8ff897cf83dc0577fb70fe364486e664b5b0e98156f313238d1d9cbb624970

  • SHA512

    3d5ca2469a2e81e784020b99a940411273764b50fb818956978e4ffc59ab2461531ea7900689658692bda43d09326b068f4509706912c7580a8079b4ccbf8086

  • SSDEEP

    384:9sT7LZYIM9iJ9skQahHG9oBT+JFbCDaCmQP2srsp:YLZYfGsRCZwF4aCmM2sop

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 7 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\427d97f388c33ce479c3ccc095e2402b.exe
    "C:\Users\Admin\AppData\Local\Temp\427d97f388c33ce479c3ccc095e2402b.exe"
    1⤵
    • Drops file in Drivers directory
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2788
    • C:\Windows\SysWOW64\SVCH0ST.exe
      "C:\Windows\system32\SVCH0ST.exe"
      2⤵
      • Executes dropped EXE
      PID:3680
    • C:\Windows\SysWOW64\ime\conine.exe
      "C:\Windows\system32\ime\conine.exe"
      2⤵
      • Drops file in Drivers directory
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      PID:4156
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3680 -ip 3680
    1⤵
      PID:400
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 224
      1⤵
      • Program crash
      PID:4104

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\SysWOW64\SVCH0ST.exe
      Filesize

      16KB

      MD5

      427d97f388c33ce479c3ccc095e2402b

      SHA1

      a35c6ccd5c5810f5be57420e18789e31cf6b82cb

      SHA256

      7d8ff897cf83dc0577fb70fe364486e664b5b0e98156f313238d1d9cbb624970

      SHA512

      3d5ca2469a2e81e784020b99a940411273764b50fb818956978e4ffc59ab2461531ea7900689658692bda43d09326b068f4509706912c7580a8079b4ccbf8086

      Download Submit

    • memory/2788-0-0x0000000000510000-0x000000000051E200-memory.dmp

      Filesize

      56KB

      Download

    • memory/2788-1-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/2788-14-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/2788-12-0x0000000000510000-0x000000000051E200-memory.dmp

      Filesize

      56KB

      Download

    • memory/3680-15-0x00000000001C0000-0x00000000001CC000-memory.dmp

      Filesize

      48KB

      Download

    • memory/4156-13-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/4156-19-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download