Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    141s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27/02/2024, 17:24

General

  • Target

    a9bc784d21742e90c8127d35754fda47.exe

  • Size

    1.3MB

  • MD5

    a9bc784d21742e90c8127d35754fda47

  • SHA1

    53c24b8ee8d8f3f4aecd2e87225a0690689a3744

  • SHA256

    7920d332c21e77266318ef62494dd7217d1249a620c7009fc6e6ebc863621a1a

  • SHA512

    c102faf6636dd6ae98f162d489540331b47f7fa61c04ed8e52154bf54421af5216083757fa2646239e8ac5a180de9954a5b40d8ae77f80ae6610e0268e257923

  • SSDEEP

    24576:d3CSoKiMcPfcyAdFR69feE8jZ7H5W0ca6u9cPPjBsk6EtfmK3ZogvG:duPKFs9P8jW0cJu2dss1mK

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a9bc784d21742e90c8127d35754fda47.exe
    "C:\Users\Admin\AppData\Local\Temp\a9bc784d21742e90c8127d35754fda47.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2936
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 36
      2⤵
      • Program crash
      PID:2012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2936-0-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB

  • memory/2936-1-0x0000000000400000-0x000000000086A000-memory.dmp

    Filesize

    4.4MB