Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2d2d4654fe...0e.exe

windows7-x64

7

2d2d4654fe...0e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/03/2024, 18:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe

  • Size

    197KB

  • MD5

    3a56b4bfdc3e26faf2f9a25a9d0b99bb

  • SHA1

    6d3eb841a2ef53ac973af87285016e03035da334

  • SHA256

    2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e

  • SHA512

    b312241b47fe80bf50c0d693e3904420ff91f387c7bbf7599b4e74a76336125df1e7848b8b0d2f2f238d35ccae8407f27368079db5b4033ad6dd70f6847bc264

  • SSDEEP

    3072:zy7MbiS1bE8Pt/fXDYxCBwmdWfIv0koEpZAWCuSE3mX76mFSYkP9+A4j:uIbiS1VuC5MJEpj0RX76m1kV+A

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe
    "C:\Users\Admin\AppData\Local\Temp\2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1528
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 408
      2⤵
      • Program crash
      PID:680
    • C:\Users\Admin\AppData\Local\Temp\2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe
      C:\Users\Admin\AppData\Local\Temp\2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2252
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 376
        3⤵
        • Program crash
        PID:2340
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1528 -ip 1528
    1⤵
      PID:1592
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2252 -ip 2252
      1⤵
        PID:1832

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe
        Filesize

        197KB

        MD5

        458b332e9fdc8bf7d6359807cc67f283

        SHA1

        33126356e7e82d66cf8be1b0d92d7830c321154f

        SHA256

        b0281382a0d7e61a4da4482a9b8b6534fd70fff9eb7743b6f55d117bf743db1b

        SHA512

        43714ee3f3fdb81fde2c6d5f8502b0d369f86bd43675dec4db87c7b1cc27a99e27fa77b1959a6b5cf4d5c0625b46bcaca23623be3d1c4eb637422c96bbe06d40

        Download Submit

      • memory/1528-0-0x0000000000400000-0x0000000000439000-memory.dmp

        Filesize

        228KB

        Download

      • memory/1528-6-0x0000000000400000-0x0000000000439000-memory.dmp

        Filesize

        228KB

        Download

      • memory/2252-7-0x0000000000400000-0x0000000000439000-memory.dmp

        Filesize

        228KB

        Download

      • memory/2252-8-0x0000000000400000-0x000000000041A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/2252-11-0x0000000001460000-0x0000000001499000-memory.dmp

        Filesize

        228KB

        Download