Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    144s
  • max time network
    81s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/01/2024, 13:46

General

  • Target

    wnnqrg.exe

  • Size

    62KB

  • MD5

    ad65f79ab6bd2884461a198e1d77ef76

  • SHA1

    f7ac4388da64c17f92f0c10803de57abad060bb9

  • SHA256

    c545d7f6a0c7da83bdabf56728c240bca8dc9f86416123efde1a3e60d87626ce

  • SHA512

    7da047e3ce0ffe6d01e603092f12acfa98499b0407ba6b328acd94eb7894f7009163804b6fd645ae6b6d0deb98091cacb71b53c0585381fdb962a205e6a8440e

  • SSDEEP

    1536:Px+QC21XgNhnNiBiSXM4dmxSxh1eKMNDYVmtM:PxdhgNhNiB7drx6KMNay

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\wnnqrg.exe
    "C:\Users\Admin\AppData\Local\Temp\wnnqrg.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:4968
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 592
      2⤵
      • Program crash
      PID:3980
    • C:\Users\Admin\AppData\Local\Temp\wnnqrg.exe
      "C:\Users\Admin\AppData\Local\Temp\wnnqrg.exe"
      2⤵
        PID:1184
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4968 -ip 4968
      1⤵
        PID:1592

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4968-1-0x00000000000A0000-0x00000000001A0000-memory.dmp

        Filesize

        1024KB