Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

d6c540b87b...7e.exe

windows7-x64

1

d6c540b87b...7e.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    145s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/03/2024, 18:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d6c540b87b496aff6a3ffa75f827d67e.exe

  • Size

    499KB

  • MD5

    d6c540b87b496aff6a3ffa75f827d67e

  • SHA1

    ed36e59532f66cdb7d9810e6265005f19a89d774

  • SHA256

    b57cef7287385e4a1e804ea7bc7780aca047d7db67ccaee0ec312acd3719907f

  • SHA512

    0a704082965a044a67107739317e7977afe89a2c084d1482c7c8507c1578d28eec5cefa84161f7e769fa8edf4ae0056855d101a1513237c4b9c29be2c713a8d9

  • SSDEEP

    12288:9Gf4LJX4zRiiGFxmfNJ6El+nsjOQGRLNtTirdLybfy:9pX4zR3gxMi2+sfGR7TEdLyb6

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d6c540b87b496aff6a3ffa75f827d67e.exe
    "C:\Users\Admin\AppData\Local\Temp\d6c540b87b496aff6a3ffa75f827d67e.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4556
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" ¨Á
      2⤵
        PID:4060
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 632
        2⤵
        • Program crash
        PID:2492
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4556 -ip 4556
      1⤵
        PID:3640

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4556-0-0x0000000000400000-0x00000000004F2000-memory.dmp

        Filesize

        968KB

        Download

      • memory/4556-1-0x00000000022E0000-0x0000000002323000-memory.dmp

        Filesize

        268KB

        Download

      • memory/4556-2-0x00000000024D0000-0x00000000024D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4556-3-0x00000000022C0000-0x00000000022C1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4556-5-0x00000000024B0000-0x00000000024B1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4556-4-0x00000000022B0000-0x00000000022B1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4556-11-0x00000000027D0000-0x00000000027D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4556-10-0x00000000024F0000-0x00000000024F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4556-9-0x0000000002560000-0x0000000002561000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4556-8-0x0000000002580000-0x0000000002581000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4556-7-0x0000000002570000-0x0000000002571000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4556-6-0x0000000002530000-0x0000000002538000-memory.dmp

        Filesize

        32KB

        Download

      • memory/4556-12-0x0000000000400000-0x00000000004F2000-memory.dmp

        Filesize

        968KB

        Download

      • memory/4556-13-0x00000000022E0000-0x0000000002323000-memory.dmp

        Filesize

        268KB

        Download