Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

bbbb6a9747...2e.exe

windows7-x64

7

bbbb6a9747...2e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    135s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/03/2024, 23:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bbbb6a9747e47b553b8b47593d8ba6a40f248a72524561242224f5d81071cd2e.exe

  • Size

    320KB

  • MD5

    740bc01ab36a7b6268f6a6bf7a3d1fcc

  • SHA1

    a5fe5b21f8391bcbfd0f733b9c4a85d8ae7941e0

  • SHA256

    bbbb6a9747e47b553b8b47593d8ba6a40f248a72524561242224f5d81071cd2e

  • SHA512

    0bb297e8809c8da11f2807520fe9e81c93399341cb517c64e348f39cdb1b6c835b1f6a48e5fecf7f6bfd2e1b3d0db6408865f0b0ca34754bec1b342d9615a203

  • SSDEEP

    6144:mtDvPrC+HaIucU1UyaKf8VHRRbX53BDu0W7cyqCxSngmMBqfycuPbUl0i5j:+6+0baTvJRxX53p80npM4dl0s

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 6 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bbbb6a9747e47b553b8b47593d8ba6a40f248a72524561242224f5d81071cd2e.exe
    "C:\Users\Admin\AppData\Local\Temp\bbbb6a9747e47b553b8b47593d8ba6a40f248a72524561242224f5d81071cd2e.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1480
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 384
      2⤵
      • Program crash
      PID:4492
    • C:\Users\Admin\AppData\Local\Temp\bbbb6a9747e47b553b8b47593d8ba6a40f248a72524561242224f5d81071cd2e.exe
      C:\Users\Admin\AppData\Local\Temp\bbbb6a9747e47b553b8b47593d8ba6a40f248a72524561242224f5d81071cd2e.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3936
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 352
        3⤵
        • Program crash
        PID:4292
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 772
        3⤵
        • Program crash
        PID:4028
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 792
        3⤵
        • Program crash
        PID:3188
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 800
        3⤵
        • Program crash
        PID:4572
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 780
        3⤵
        • Program crash
        PID:4336
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1480 -ip 1480
    1⤵
      PID:4404
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 3936 -ip 3936
      1⤵
        PID:1572
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 3936 -ip 3936
        1⤵
          PID:4692
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3936 -ip 3936
          1⤵
            PID:3476
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 3936 -ip 3936
            1⤵
              PID:3008
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 3936 -ip 3936
              1⤵
                PID:3796

              Network

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Temp\bbbb6a9747e47b553b8b47593d8ba6a40f248a72524561242224f5d81071cd2e.exe
                Filesize

                320KB

                MD5

                19e8691f1976b395962bb263589aef32

                SHA1

                1e7d39e03d8c8a8a849c493e47370b1d916b0dc2

                SHA256

                763cb7fb9b8b9f814217d79e82f297570d58cd50b7ddcddf13f89f6b2d513ba7

                SHA512

                9f59889f2fece15dbcefa8b8d7400d19a1c4073d18c8b2ab84ddf53b357f006ba522af8e1b61cd520fd364ef4d32caa395989faba2e12157d0598f96aae112f1

                Download Submit

              • memory/1480-0-0x0000000000400000-0x000000000043C000-memory.dmp

                Filesize

                240KB

                Download

              • memory/1480-6-0x0000000000400000-0x000000000043C000-memory.dmp

                Filesize

                240KB

                Download

              • memory/3936-7-0x0000000000400000-0x000000000043C000-memory.dmp

                Filesize

                240KB

                Download

              • memory/3936-8-0x0000000004D90000-0x0000000004DCC000-memory.dmp

                Filesize

                240KB

                Download

              • memory/3936-9-0x0000000000400000-0x0000000000415000-memory.dmp

                Filesize

                84KB

                Download