Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Wmi/Wmicore.exe

windows7-x64

7

Wmi/Wmicore.exe

windows10-2004-x64

7

Wom/Wom2004.exe

windows7-x64

1

Wom/Wom2004.exe

windows10-2004-x64

1

WomSetup.exe

windows7-x64

1

WomSetup.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    143s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    14/02/2024, 10:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Wmi/Wmicore.exe

  • Size

    6.3MB

  • MD5

    143b80aed79b5beb302683d4265233c0

  • SHA1

    fb6ca89041e813c756bfaf2e35b9f100139be40e

  • SHA256

    c810117106b3cc189637ff166875052a71062f9e58279d97002ba095d4137400

  • SHA512

    46ec7f799f16b37d533626452847a0903140efe28c97e2c5b07a5784b42d948862691fbd2d9b4b0e9919ce4ecf0efb5ab19bf1d3c850e18bd93d487150a2d4df

  • SSDEEP

    196608:EJBi8a39obkqAmLfsIQJcJyKp7eadZXOmvRDW:Eox3SE3A2E8

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Wmi\Wmicore.exe
    "C:\Users\Admin\AppData\Local\Temp\Wmi\Wmicore.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1712
    • C:\Users\Admin\AppData\Local\Temp\GLB57D0.tmp
      C:\Users\Admin\AppData\Local\Temp\GLB57D0.tmp 17384 C:\Users\Admin\AppData\Local\Temp\Wmi\Wmicore.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\GLF740E.tmp
    Filesize

    3KB

    MD5

    b369b2953da239783c4b24aab2043dd9

    SHA1

    be3b9f8f4742ec32bab3d811bb77e3317d7a50e7

    SHA256

    1f99424f744235c4722a0340340fee22c14cf9481be34165e541e9dead1930ea

    SHA512

    626ebca8a1d05d1e18737b1bcf9ef0b89545875515004b7e5ef7bf22ef52151a20ee18242336f98de8670a9855f74a26e4b3359b1d1350ec9036e44369f8e0d8

    Download Submit

  • \Users\Admin\AppData\Local\Temp\GLB57D0.tmp
    Filesize

    192KB

    MD5

    9de1bdb46178a68a70a65ec0f4d8451c

    SHA1

    fb98776292bd807bd8dbd93d6e7219d7a4a67970

    SHA256

    508748bd19fa6ede1b2041dac48ca296c8a8bdbd40ee687227950d639c62f33a

    SHA512

    0489ced99b940d52d23a38581575e5d87075ac7ca22c332c1fe530e27c0fedab465b9f9537cdcadc26c86013efe074bd4547bd677ba36f6d57deb662ac8fcb72

    Download Submit

  • \Users\Admin\AppData\Local\Temp\GLC589B.tmp
    Filesize

    152KB

    MD5

    f0418e5219b5e8fd5a596cdebb40f80c

    SHA1

    c7187cae1be1b313b6bbdf022fecf7a386bddc22

    SHA256

    1db360830b5760e2e0c77539014e0a517fd6ec1fea699359d025769dc66caec7

    SHA512

    04697b3ec2a46bdee699e8dfbcaa1e4b5b341114f021475af201f53cd1d4e916006995e80e9957bdd04b2805370a4896af9af4dfa6f4baecfe14dafd43f3df09

    Download Submit

  • memory/2036-87-0x00000000050E0000-0x00000000050F1000-memory.dmp

    Filesize

    68KB

    Download