Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

reWASD700-8447.exe

windows7-x64

1

reWASD700-8447.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    209s
  • max time network
    212s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/01/2024, 23:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    reWASD700-8447.exe

  • Size

    50.6MB

  • MD5

    1fe2497c00c2f0cf8e83d66ffc6cfa98

  • SHA1

    290cbe2892da61e6ded1233b3b233f4d5a8ef952

  • SHA256

    bc9c416ce788138b88ab4775947237151455d5ad0ba063809f8c8f825dda6db9

  • SHA512

    77c3ec18f02e7d87ad3dda68b7135ee8dfe0031754297d72d3c694f2a2b547a85ec25f4a9cf53de33544a2941970ccee55d99ef4820dc045dc6730249e2b8ede

  • SSDEEP

    1572864:lLxiua7+EGu5gxFs+yGKmaIDIv5EN2wKZE:lq7iMgxFry/C5ZqE

Score
4/10

Malware Config

Signatures

  • Loads dropped DLL 30 IoCs
  • Program crash 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 36 IoCs
  • Suspicious use of SendNotifyMessage 36 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\reWASD700-8447.exe
    "C:\Users\Admin\AppData\Local\Temp\reWASD700-8447.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    PID:1964
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 1800
      2⤵
      • Program crash
      PID:1164
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 1800
      2⤵
      • Program crash
      PID:4852
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1964 -ip 1964
    1⤵
      PID:2316
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1964 -ip 1964
      1⤵
        PID:1972
      • C:\Windows\system32\taskmgr.exe
        "C:\Windows\system32\taskmgr.exe" /4
        1⤵
        • Checks SCSI registry key(s)
        • Checks processor information in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:4092

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\7z.dll
        Filesize

        93KB

        MD5

        6f6521728c50805453eaa416f8519292

        SHA1

        59f7cf61a3a8ff51edeceade7b95c261f4f3bde5

        SHA256

        13f71b231e35b4fd911642b31047e4016cb099318a4a15368124d0bc5ab11151

        SHA512

        c1e74c0bfa58291fb71c823faa9df1085db03c8de65db12d40cc4e592792082bca148686e7890d28700ada2f321926bf9469de20098ce4aebb1ca354affc79c2

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\7z.dll
        Filesize

        43KB

        MD5

        973a8bec8e95f24c19e09cbdf764a16d

        SHA1

        e6fd230b34662df0791ecc3e6b7fda1fd8719d06

        SHA256

        9910114119cf67e83db3c58a38e566db6e4923f71f3eb2060970012847666d9c

        SHA512

        2292755471073ad879a3262971c3af24d08c1bb1077e74541250b9805e0bb8cdbc1184f3f1c51a6ea1e112af135e08e964ef968d03647eae1788683c06c68ea1

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\7z.dll
        Filesize

        155KB

        MD5

        ad71a5e3a757aef0329aeda567f25a00

        SHA1

        97c766d85c9dabfcabd5a983fe165506d227a8ac

        SHA256

        f6b9ae6eaaedc55db0e381ec153892c122f1f257ada80cf242a20be8a2f117ef

        SHA512

        6852496fb8f59bea3ae46efd507d654ae27306d9f4f2f0dc0db8b03f9f63a3712e075b12f0ebdf6ea88db081fca4dd29be1555584aa70386ccb8297beef886ea

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\CHS.dll
        Filesize

        83KB

        MD5

        bf591f4d366c6c27862373dfe1ed9c8a

        SHA1

        907037948f7708bbfda0d91725801ee80dfdafb0

        SHA256

        cdb1fcb52d718427246a79e810e59914386bddef399a7713405681fcb33ddb31

        SHA512

        f336edc46c231d5cd3ea9959fec3db42886e5fa7b066564ee0b996a4e7be62e832149ca9b59086e8f00219defbe150a94e0d32f018fb10cd4e2b2dbddce42177

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\CHT.dll
        Filesize

        84KB

        MD5

        178f9e57ca31a09c18a5983c9ddbc3a2

        SHA1

        0ed1366fdf7ad9a01cbf5eeb9239c7f805d77e73

        SHA256

        71e77957c236171222f7a5ddc1ae3381141ad617a17798737a0c0e5b5bb38d58

        SHA512

        4cb9623e60807789ea0f1fef773d8fa02e268aeefe90a14d4e8fe1e44be7f1742fb54226e68eff921783c6f4f09ab850ed0ebe202eac80b97d85aec63d188b7f

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\DEU.dll
        Filesize

        206KB

        MD5

        4cbd547904dbb9e6cca6931cf58c8c1e

        SHA1

        d166fb044063f34ffcca83a2f3b40fd29626b3f9

        SHA256

        24a8b7347a7ad2118bd7368e1f1fdec0148f5128f1c3741ff80b56b1c0ff3fe7

        SHA512

        e03e4454cfaf38a20a7c4e58a4fa951f49c1bba7871f565c9be57daca5032ea1aee6e2fe4679f8ace2f1b167bca0e625af774e49747dc860ac15630e712d4599

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\ENU.dll
        Filesize

        171KB

        MD5

        79654940dd2606fb404152697446ffa9

        SHA1

        f9091154bfca73b2ff9bf5905f943924797b24d4

        SHA256

        7a71e4067f7dba33f040a7d9697e57f5d40806a6bacc7256aff1175261f5181c

        SHA512

        ff81db1a5a7b017b21f73e23f75a3dd860a0dc637d10f7cf23fb6ee02d35594517a0e01b0393104e0ef65f69f3e736c0d0d4529646d2441d60263dd1ce589def

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\ESN.dll
        Filesize

        199KB

        MD5

        ba9dadbf5d2408b15c673c0db76dedb3

        SHA1

        acd61dc7aedc9131fda2046a1cecf455500f1ff4

        SHA256

        d4767ae746392c47750ff3270dae18563d38e0fbedf7d6ef0c875d094da91552

        SHA512

        0ff54173657df32080f50b08144d9eec42e31ac5e83020b3a760ab90773ddecb19a184c13b9ec9828bb2879070dd17cc9ba1f61358bcdda9bfa0ad8757b550ba

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\FRA.dll
        Filesize

        211KB

        MD5

        8853e74cd4c71f978465c7c3e25b5e2e

        SHA1

        4a00dba78fdda7bf5d8becb3de9622407eb371fe

        SHA256

        1b1ca005d084b495243c966416ec8f789e9f6f2b05dedc6272bd0b3de5aecafe

        SHA512

        2eb757ae7373d4e7c9d2b727cf122d1214f1ec41e87863023d1e067eb00b501fb6f4af324fc91273885e8c5a915dfb4348b3855668807f4b7242b824645bcb60

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\ITA.dll
        Filesize

        200KB

        MD5

        c063a9da8b077d1b702d44ea9b1a0bd4

        SHA1

        90654ad00a9f858e5fb6cab41b90395ec4880d5a

        SHA256

        afb2cf086a9f99b1457c7172f1d6c8ce83e84d83c622b9297679834804fdf780

        SHA512

        0ee90475bb435260dc158f55da0508e2da78515862e96d5455f5fea92c71770a51c4ac7a4525702f7aa53a32a0374989dd4c76c90e65f86a7a414a1e38dc4b84

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\JPN.dll
        Filesize

        108KB

        MD5

        3b0cf857ab3627ad188a230b5110b0c3

        SHA1

        4a306aa3bb6e1186368cb22bebf678d979f4a016

        SHA256

        4e944e0397c5bc17ef8ffba37b8f7af490929de33a1cb47534b4d8e6fc1e7d13

        SHA512

        9ad0f988efbf1b7c6191c8feabcc000bd9c6b4548eafc0e618ec3c5751df220640a1c2d27bb812e274da1b9638bf0b12245e8de9e6cfb33f4e87b65b5d7ec170

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\PLK.dll
        Filesize

        7KB

        MD5

        c1d29c8166c18bfde7dc4b79d7f5960a

        SHA1

        b380a3f463d52ab31350b267ea51376461c4d66d

        SHA256

        a343e53039c54ccf24f96408dfeea825b3008219afef803dfe1968a79fae4bcc

        SHA512

        6ed2327578ff654bc78d7d2f67e63cbd085921b818560f68baee8d8c09665dc7ce02232e0b0e0fb13c85b9f1a516cb47cc285d7812f698f9341cf5226d4ca345

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\PLK.dll
        Filesize

        199KB

        MD5

        46d6dc8b3826219e8f171fa1c281cf7c

        SHA1

        d787a25f6dbb99020ed2d5528868081700cb7f91

        SHA256

        cd6e42db77254268e4bcc3dbf042e3199f94969ef6d39224fa4e8b2a2d74c75b

        SHA512

        4a4871d7f450dce6058f129c9e657db796b69619e7894fa658a0e3e232497aa58cc4a277e9e055e1dcbf65112aafab3464899248f1c202d6bc3343e873614d3b

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\PTB.dll
        Filesize

        195KB

        MD5

        89e8cdc2eb2c1812d30255a6ae7c24a6

        SHA1

        af723c6c7ac58f9bb1c1c9013f0e0c288c60087e

        SHA256

        c5e221eda4de0828afca1fd685554ccf1493ec1d53daa143592e68a63cc4271f

        SHA512

        f53b8c1830482c26d7618332e7259771b17cfe01403a3a3cdbbce40aaf7e8f63b561cbc63b420a0f04c0a3c72f78276bb47c1a8f395099c951a33e263a37195f

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\RUS.dll
        Filesize

        188KB

        MD5

        5712264e6f283eae9ec5c992ccf41f57

        SHA1

        50795d52d10b880cbd579043987af34990cbc99a

        SHA256

        2dec23e2b4d1b74f3779005bb8192af6d4722ee9915d8ea67c3a04f3f9d414c2

        SHA512

        fa68fa14aff8ea380f1b4158a5849381a94f2166a8afbed4f129dfcf6c2b60d692d746f49a5bd124df807eb22da4025a8428017ca8fda84c3acaf0d479271c6b

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\TRK.dll
        Filesize

        60KB

        MD5

        2661c176ef967fb3948007e2026f24ec

        SHA1

        bd0ac37647fe122e9892117ffd34043fef96fb25

        SHA256

        30710cebf5959208a6a79dc22f5d483fcee4dce27a86b5827ccf562af630441d

        SHA512

        c2e423e4285f9a9a22df0c2d0512a2ea82713ee95a42cabd71482d9194e5225d086ac02a58087736964713fe4129684cdbd0a5895e5cae2999aaa119441af07b

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\TRK.dll
        Filesize

        46KB

        MD5

        28cbeb7eb3a65159557126e5f3377215

        SHA1

        c7d0f3997c59b8790d3b57d1c6a987b0facb148e

        SHA256

        b4467088f07ebb9b1f32a0174b382a4a73215d990e05e901b20237c18d517ce4

        SHA512

        a5423a12d45d492bfa779477480a70fb31f7e0e0d9aa35ef68e8fba92f23d6e8851ff6b752f61eba2bc215ecc4d209d37e1ab73204afb4a86b14ea340bfeafd1

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\UKR.dll
        Filesize

        54KB

        MD5

        d6b20c4554288333545dc5e047a0fd8f

        SHA1

        4f77abcb69af6bc0eaa320b19d7b8b0cdb380fea

        SHA256

        49c59ddc70a4bf0d9c73e08e4c2154cf1365eae8979efac205d608a770b68d1d

        SHA512

        4d9581912065063bcfcf5f402881b5cc01946d2d20edfa2ba0541efaedb39ec4cadd793479b00f76bc572422fd0c65af60a2bd8c88112b28abfdcf0cc4502426

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\UKR.dll
        Filesize

        19KB

        MD5

        526dafac45973f81bbd7b6b8278c2a5f

        SHA1

        e4076bdaca9563a745fa6c6a79af9d28d0127a92

        SHA256

        a156267a32f1844d24b09af2dd957dc75652b15286a8ec5107eed86f79282d91

        SHA512

        d4995f784efb50831c702aec68f5b42692985bee46bfb238c65b173116cca7b371b61f0304adb82b63b393acf2f94e4022e4efea13b10c74ee50f13b0af29b22

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\reWASDInstallerResources\setuphlp.dll
        Filesize

        761KB

        MD5

        0b36a9bd0838bde3ed7ce102b91ba083

        SHA1

        dee9eaca21a63448466aa344a44710e941762cdd

        SHA256

        ba62f6e8e9d3e2bd2c982e755e165fb2977b6ef989c69a613f5e2e9207f39a71

        SHA512

        5024c3a6d928196192eb7a656a680d235ba0b968287da358b970cdfa3390607396aa885537af510506dc5cd36b2fa311c4f7a42cec5b9595adc98cd8f11afdc5

        Download Submit

      • memory/1964-1-0x0000000000340000-0x00000000035D6000-memory.dmp

        Filesize

        50.6MB

        Download

      • memory/1964-10-0x00000000085F0000-0x000000000860E000-memory.dmp

        Filesize

        120KB

        Download

      • memory/1964-9-0x0000000008570000-0x00000000085E6000-memory.dmp

        Filesize

        472KB

        Download

      • memory/1964-4-0x00000000080A0000-0x00000000080AA000-memory.dmp

        Filesize

        40KB

        Download

      • memory/1964-3-0x00000000080B0000-0x00000000080C2000-memory.dmp

        Filesize

        72KB

        Download

      • memory/1964-2-0x00000000080E0000-0x00000000080F0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1964-0-0x0000000074580000-0x0000000074D30000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/1964-29-0x000000006E0C0000-0x000000006E1B0000-memory.dmp

        Filesize

        960KB

        Download

      • memory/1964-97-0x0000000009170000-0x00000000091B0000-memory.dmp

        Filesize

        256KB

        Download

      • memory/1964-98-0x0000000074580000-0x0000000074D30000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/1964-99-0x000000006E0C0000-0x000000006E1B0000-memory.dmp

        Filesize

        960KB

        Download

      • memory/4092-102-0x000001C5F0E20000-0x000001C5F0E21000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4092-101-0x000001C5F0E20000-0x000001C5F0E21000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4092-100-0x000001C5F0E20000-0x000001C5F0E21000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4092-106-0x000001C5F0E20000-0x000001C5F0E21000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4092-107-0x000001C5F0E20000-0x000001C5F0E21000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4092-108-0x000001C5F0E20000-0x000001C5F0E21000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4092-109-0x000001C5F0E20000-0x000001C5F0E21000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4092-110-0x000001C5F0E20000-0x000001C5F0E21000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4092-111-0x000001C5F0E20000-0x000001C5F0E21000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4092-112-0x000001C5F0E20000-0x000001C5F0E21000-memory.dmp

        Filesize

        4KB

        Download