Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

квита...е.exe

windows7-x64

3

квита...е.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29/01/2024, 13:58 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    квитанция об оплате.exe

  • Size

    919KB

  • MD5

    c7e19a4d7ea34083227355a0032fd9f7

  • SHA1

    e6d96446706d9f2d735ac2115436c5c26b09efc6

  • SHA256

    aae30c2042a799b0495a301e127c47c8e27742bb84cf6e3851bf2beffd0824cf

  • SHA512

    391a18a84980810ddcdd14eab50bdebc8eb5cb0a3201b1d6e00a51295f49b155c1031dd3688027b88a712f07eb22daeeb1e9ac81e6c15f0edd9f277cd0ba321c

  • SSDEEP

    12288:1ebObjiVwtR5bWPQ8rzNkINDHflCDrPBZZNp9v9bI7TKskxJkN8h9Sio8k85U:QmjioRGbrxLtfWPB7NDv9b/bPh9x1kr

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\квитанция об оплате.exe
    "C:\Users\Admin\AppData\Local\Temp\квитанция об оплате.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1488
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 688
      2⤵
      • Program crash
      PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1488-0-0x00000000013E0000-0x00000000014CC000-memory.dmp

    Filesize

    944KB

    Download

  • memory/1488-1-0x00000000749D0000-0x00000000750BE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1488-2-0x0000000000990000-0x00000000009D0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1488-3-0x0000000000580000-0x0000000000592000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1488-4-0x00000000005A0000-0x00000000005AE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1488-5-0x00000000052F0000-0x000000000536A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/1488-6-0x00000000749D0000-0x00000000750BE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1488-7-0x0000000000990000-0x00000000009D0000-memory.dmp

    Filesize

    256KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.