Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

3

8f49da0485...d8.exe

windows7-x64

5

8f49da0485...d8.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    168s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04/02/2024, 13:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8f49da04859558447d5479d3204dbbd8.exe

  • Size

    216KB

  • MD5

    8f49da04859558447d5479d3204dbbd8

  • SHA1

    c1805e8984692be2e1a05ef04b2cc7e2f27ea4d1

  • SHA256

    d3d72fe9caf153881c30e78e5373d6544431f3c292700d3cd047cdbf2467675e

  • SHA512

    a930483f1707fd406d3c3e189d1d6ddf37f4d865fa4b32e873c91f94d3654a86dc019e43ff4c7b6ee27cf69446d380f9c992162235a92fe3b7bc51a8fc7ce99f

  • SSDEEP

    3072:rcV7Z0KUjiKdIa0rRzBuMewLSPlNKwGNmJ30/wlj1o2Y:rgZTUjiS4BurxPlNKwGNmJ30ol

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8f49da04859558447d5479d3204dbbd8.exe
    "C:\Users\Admin\AppData\Local\Temp\8f49da04859558447d5479d3204dbbd8.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2668
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 228
      2⤵
      • Program crash
      PID:2776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2668-0-0x00000000003C0000-0x00000000003DC000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2668-1-0x0000000000610000-0x0000000000611000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2668-2-0x0000000000400000-0x000000000047D000-memory.dmp

    Filesize

    500KB

    Download

  • memory/2668-8-0x00000000003C0000-0x00000000003DC000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2668-10-0x0000000000610000-0x0000000000611000-memory.dmp

    Filesize

    4KB

    Download