Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

cdb2f7f11d...fc.exe

windows7-x64

3

cdb2f7f11d...fc.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/03/2024, 09:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cdb2f7f11d89ab88c946a8d397e407fc.exe

  • Size

    107KB

  • MD5

    cdb2f7f11d89ab88c946a8d397e407fc

  • SHA1

    1d297b6b99a50ea82940f483a928eba0102bf9f4

  • SHA256

    fcf93ce4aaa45840be7dd57b5bbfc8c12f376ca7246721c52937276e72dd2745

  • SHA512

    67b33dcc0236aa91b261a7999772f34339b2f2442aae13f40287033294a6b29d4aa399803f0507d95b05ff80556c8c372c74c633080254883be4327003f4a392

  • SSDEEP

    3072:fBMzWD3JGi0DEtkbEriMzA8Vd42xfWcQ:pMw5+gtkYriMc8VdOcQ

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cdb2f7f11d89ab88c946a8d397e407fc.exe
    "C:\Users\Admin\AppData\Local\Temp\cdb2f7f11d89ab88c946a8d397e407fc.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\Users\Admin\AppData\Local\Temp\cdb2f7f11d89ab88c946a8d397e407fc.exe
      "C:\Users\Admin\AppData\Local\Temp\cdb2f7f11d89ab88c946a8d397e407fc.exe" q
      2⤵
        PID:4740
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 820
          3⤵
          • Program crash
          PID:4940
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4740 -ip 4740
      1⤵
        PID:3712
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
        1⤵
          PID:3084
        • C:\Windows\System32\svchost.exe
          C:\Windows\System32\svchost.exe -k UnistackSvcGroup
          1⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:3468

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
          Filesize

          16KB

          MD5

          4c88d7da5727c82eb3b0e0d9203544d3

          SHA1

          13b6b11e22661836d1b5c61211b90baf5bec5d5a

          SHA256

          f3b0a919562b72551b53231df86170fa529a14698c33dd79c1b520381e2be41b

          SHA512

          05e179249c68a405a1d7d504e4369d75d6e2f8d52716dc7a4f2c9b886418bb1f6f1833db10d8d7b0b5b1891ef928f61102840103ccb2d1f7aa4553a3e2e7278f

          Download Submit

        • memory/2188-11-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/2188-2-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/2188-3-0x0000000000510000-0x0000000000540000-memory.dmp

          Filesize

          192KB

          Download

        • memory/2188-1-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/2188-4-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/2188-0-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/3468-64-0x0000024ED8CC0000-0x0000024ED8CC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3468-62-0x0000024ED8CC0000-0x0000024ED8CC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3468-25-0x0000024ED0640000-0x0000024ED0650000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3468-41-0x0000024ED0740000-0x0000024ED0750000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3468-57-0x0000024ED8CA0000-0x0000024ED8CA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3468-58-0x0000024ED8CC0000-0x0000024ED8CC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3468-59-0x0000024ED8CC0000-0x0000024ED8CC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3468-60-0x0000024ED8CC0000-0x0000024ED8CC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3468-61-0x0000024ED8CC0000-0x0000024ED8CC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3468-69-0x0000024ED88F0000-0x0000024ED88F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3468-63-0x0000024ED8CC0000-0x0000024ED8CC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3468-68-0x0000024ED8900000-0x0000024ED8901000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3468-65-0x0000024ED8CC0000-0x0000024ED8CC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3468-66-0x0000024ED8CC0000-0x0000024ED8CC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3468-67-0x0000024ED8CC0000-0x0000024ED8CC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4740-9-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/4740-10-0x0000000000580000-0x00000000005B0000-memory.dmp

          Filesize

          192KB

          Download

        • memory/4740-8-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download