Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

file.exe

windows7-x64

7

file.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    29/01/2024, 17:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    4.5MB

  • MD5

    059660095ba38842e176cf29d8adc954

  • SHA1

    a330e477566fed2f46b19199853762fea089cec6

  • SHA256

    0e0e02546f73e4914cd735dea83a94435e567a26d64c11b8a7fc6f0ef6fc4103

  • SHA512

    26f21b1ebdb44e4b85a30a9b1ee86cf6b014563270f2a3b150aa997f27734835202fd1551c84683d3866e56dac81ccf9de189b96209cc7655320d0bea8a86684

  • SSDEEP

    49152:zolGmH4YG9aEZv9zPpYpuPKlMVNPi0jv0eST9r30lJLEJEO1Q35cL2HqCM+Bdzvj:zolfH4Y9EypdMVNa+u0AyO1Q3uYqjMz

Score
7/10

Malware Config

Signatures

  • .NET Reactor proctector 1 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1652
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2668
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 92
        3⤵
        • Program crash
        PID:2576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\Protect544cd51a.dll
    Filesize

    190KB

    MD5

    82adf2c61942c4dec4a5c66bb0dc9947

    SHA1

    f8b6c6c0d4e513df1df83fb9deec922a8e965c3f

    SHA256

    8db09361927194e1fa99068ddc4c0395848c90f66c3c63bd858a25fff9b681b8

    SHA512

    53e3052c2535f0433586f1217d6fc22e6bfb3e54191435ba66def8c12ac8e229ad1f8d9f0100f3c5e2a996182d38b162553ca992f44206d287e0ce89bdcf4ac1

    Download Submit

  • memory/1652-18-0x0000000005490000-0x00000000054D0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1652-16-0x0000000005AA0000-0x0000000005BA0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1652-3-0x0000000005490000-0x00000000054D0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1652-4-0x0000000005630000-0x00000000057C2000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1652-12-0x0000000005490000-0x00000000054D0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1652-15-0x0000000005490000-0x00000000054D0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1652-0-0x0000000074990000-0x000000007507E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1652-9-0x0000000005490000-0x00000000054D0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1652-10-0x0000000005490000-0x00000000054D0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1652-13-0x0000000005490000-0x00000000054D0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1652-33-0x0000000074990000-0x000000007507E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1652-14-0x0000000005490000-0x00000000054D0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1652-2-0x0000000074990000-0x000000007507E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1652-11-0x0000000000870000-0x0000000000880000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1652-17-0x0000000005490000-0x00000000054D0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1652-1-0x0000000000350000-0x00000000007D8000-memory.dmp

    Filesize

    4.5MB

    Download

  • memory/2668-19-0x0000000000400000-0x000000000048A000-memory.dmp

    Filesize

    552KB

    Download

  • memory/2668-21-0x0000000000400000-0x000000000048A000-memory.dmp

    Filesize

    552KB

    Download

  • memory/2668-23-0x0000000000400000-0x000000000048A000-memory.dmp

    Filesize

    552KB

    Download

  • memory/2668-29-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2668-32-0x0000000000400000-0x000000000048A000-memory.dmp

    Filesize

    552KB

    Download

  • memory/2668-35-0x0000000000130000-0x0000000000131000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2668-25-0x0000000000400000-0x000000000048A000-memory.dmp

    Filesize

    552KB

    Download

  • memory/2668-34-0x0000000000400000-0x000000000048A000-memory.dmp

    Filesize

    552KB

    Download

  • memory/2668-30-0x0000000000400000-0x000000000048A000-memory.dmp

    Filesize

    552KB

    Download

  • memory/2668-27-0x0000000000400000-0x000000000048A000-memory.dmp

    Filesize

    552KB

    Download