Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a287671dfb...91.exe

windows7-x64

7

a287671dfb...91.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    142s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    24/02/2024, 19:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a287671dfbddc37a5ac461d876799491.exe

  • Size

    216KB

  • MD5

    a287671dfbddc37a5ac461d876799491

  • SHA1

    eda96f61a549200366669cec780cd20e755b502d

  • SHA256

    c9e428e9a4ca178522b0c7076de465c2d6bf6165477038af6791944f59e7ed40

  • SHA512

    4d41f091ab43316ebeae82339d873df8fdc5e6b8c45240ace61de66b0974d742665e21a0aef3a9cd7395020fbd32319e2fbe398113b60474b4f3371770fffc3d

  • SSDEEP

    3072:ak0JXXOeQbKbdt1jZYavVkWEsOpH1f1H7SRU32YWQdQv2V7niJVG7p:abFOegEtFusOpVggWkNiJE

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a287671dfbddc37a5ac461d876799491.exe
    "C:\Users\Admin\AppData\Local\Temp\a287671dfbddc37a5ac461d876799491.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1368
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 264
      2⤵
      • Loads dropped DLL
      • Program crash
      PID:2248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\a287671dfbddc37a5ac461d876799491.exe
    Filesize

    29KB

    MD5

    6c43f99af78875f8a7d7bf5c66690a6b

    SHA1

    198cd7ed87d734075908dd8003cddbc6ea3e7fd1

    SHA256

    6482ffd2614e76926cd3edeb2acc114903ab3e7d16b36a339b65f9f509008f39

    SHA512

    2a1b66c845f2e1df5e947d8156f64ac5b65915c23e335f7078587219bc7e48fcd983210b6b3dd26a6c8a590892b9eae0884111029442927086791f1dfd7fb44a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\a287671dfbddc37a5ac461d876799491.exe
    Filesize

    223KB

    MD5

    bd1161c7569b1af99744c623f6df231a

    SHA1

    a71913d2223372b4e48a91f1018b18b16d9d8cd4

    SHA256

    d1ed6ebd3d0d14b1fb3ef742c32d4dcda4a86bdda43d1ff4140d20f0aa96e119

    SHA512

    1904d4c68fc6722a460a48c68cfe40021a5a903313f0ab9a3a6a934fb74717ea926a5397170940038ca62ba2b58abfc96228e6b4b831cb691e1e7f25876085c8

    Download Submit

  • memory/1368-0-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/1368-4-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/1368-3-0x0000000000230000-0x0000000000232000-memory.dmp

    Filesize

    8KB

    Download