Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

cb80869a17...7b.exe

windows7-x64

7

cb80869a17...7b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/03/2024, 13:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cb80869a170419940ac71d58248ff87b.exe

  • Size

    960KB

  • MD5

    cb80869a170419940ac71d58248ff87b

  • SHA1

    b1eddea891c74e3f0cb64aeeb36b62e4581481a4

  • SHA256

    14e1964f8262755deca25fb63ad706450dd1495aed9e984dd20207f7cbcd7860

  • SHA512

    63ed5a97e21b5bfd3b35eb8ed83f7de8dbada08e0261a8e8d1b42533c74eb3f21d54bc1a956d6d4bd7a28d50787daf37957df66536bf25417ee1316d07e07757

  • SSDEEP

    24576:fob9GXioEE6FY5fQ5emJYeXOxXzF6oHU9gfV:fohGXiBE6FY1ps656tgd

Score
7/10

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 2 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cb80869a170419940ac71d58248ff87b.exe
    "C:\Users\Admin\AppData\Local\Temp\cb80869a170419940ac71d58248ff87b.exe"
    1⤵
    • Checks BIOS information in registry
    • Maps connected drives based on registry
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4900
    • C:\Users\Admin\AppData\Local\Temp\cb80869a170419940ac71d58248ff87b.exe
      "C:\Users\Admin\AppData\Local\Temp\cb80869a170419940ac71d58248ff87b.exe" Track="0001001000"
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:1048
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 2064
        3⤵
        • Program crash
        PID:3900
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 2016
        3⤵
        • Program crash
        PID:4904
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1048 -ip 1048
    1⤵
      PID:4804
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 1048 -ip 1048
      1⤵
        PID:1976

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1048-3-0x0000000000400000-0x00000000004EA000-memory.dmp

        Filesize

        936KB

        Download

      • memory/1048-5-0x0000000000400000-0x00000000004EA000-memory.dmp

        Filesize

        936KB

        Download

      • memory/1048-6-0x0000000000400000-0x00000000004EA000-memory.dmp

        Filesize

        936KB

        Download

      • memory/1048-7-0x0000000000400000-0x00000000004EA000-memory.dmp

        Filesize

        936KB

        Download

      • memory/1048-8-0x0000000000400000-0x00000000004EA000-memory.dmp

        Filesize

        936KB

        Download

      • memory/1048-9-0x0000000000400000-0x00000000004EA000-memory.dmp

        Filesize

        936KB

        Download

      • memory/1048-10-0x0000000000400000-0x00000000004EA000-memory.dmp

        Filesize

        936KB

        Download

      • memory/1048-11-0x0000000000400000-0x00000000004EA000-memory.dmp

        Filesize

        936KB

        Download

      • memory/4900-0-0x0000000000400000-0x0000000000570000-memory.dmp

        Filesize

        1.4MB

        Download

      • memory/4900-1-0x0000000000710000-0x0000000000713000-memory.dmp

        Filesize

        12KB

        Download

      • memory/4900-4-0x0000000000400000-0x0000000000570000-memory.dmp

        Filesize

        1.4MB

        Download