Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

51660048d3...61.exe

windows7-x64

7

51660048d3...61.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/01/2024, 19:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    51660048d36ba4c7f0f4c1fb2e738461.exe

  • Size

    837KB

  • MD5

    51660048d36ba4c7f0f4c1fb2e738461

  • SHA1

    dbc2131302f5794aa5223571e30dada5a6718b3d

  • SHA256

    12f7ffc817f235b4f659100182278496343cd79e53181d0f7e081f3c55896515

  • SHA512

    a30a5c8406aa52d46b9275d14a1b4fa817dcdaf1c286c1a2936d942d8715d7a958ed759861753f1adfcc343e9932cbd188da51721539ed289b500a3f2e99f575

  • SSDEEP

    24576:OFdd0TTbZ3tI+rXkPE+PZ1itepHnf/GPQq/ozAVABp1:OvdGa+jMPZo49uP9g+AB

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\51660048d36ba4c7f0f4c1fb2e738461.exe
    "C:\Users\Admin\AppData\Local\Temp\51660048d36ba4c7f0f4c1fb2e738461.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4384
    • C:\Users\Admin\AppData\Local\Temp\is-AGLUG.tmp\51660048d36ba4c7f0f4c1fb2e738461.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-AGLUG.tmp\51660048d36ba4c7f0f4c1fb2e738461.tmp" /SL5="$40222,814666,148992,C:\Users\Admin\AppData\Local\Temp\51660048d36ba4c7f0f4c1fb2e738461.exe"
      2⤵
      • Executes dropped EXE
      PID:1764
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 472
      2⤵
      • Program crash
      PID:4372
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1764 -ip 1764
    1⤵
      PID:2064
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 396
      1⤵
      • Program crash
      PID:4632
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 4384 -ip 4384
      1⤵
        PID:3948

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\is-AGLUG.tmp\51660048d36ba4c7f0f4c1fb2e738461.tmp
        Filesize

        61KB

        MD5

        5e0b2c13aa1c4934c8d2b5905dacac29

        SHA1

        2dfe171365d9d5015dc7298c1ba9da7d6ac1b60e

        SHA256

        e7af1542c4354e20641ed1978a36cf84b5f6cbe117f8e705a27d254d52e5ab82

        SHA512

        ad3bc71aa6ddea00de502604a641b730ecbcdb782a6a4b1a490ce70b5bf18fc5af802e7ab91a3cd7a95cf5b65c68ba9e86cf7e014eb41c37dd036f234a03645a

        Download Submit

      • memory/1764-7-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/4384-0-0x0000000000400000-0x000000000042B000-memory.dmp

        Filesize

        172KB

        Download

      • memory/4384-3-0x0000000000400000-0x000000000042B000-memory.dmp

        Filesize

        172KB

        Download

      • memory/4384-8-0x0000000000400000-0x000000000042B000-memory.dmp

        Filesize

        172KB

        Download