Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

4bc0c6bbea...05.exe

windows7-x64

7

4bc0c6bbea...05.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/03/2024, 19:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4bc0c6bbea024b48d3428ebbf8d2fabe644c246e1a2453d8c0f48512ff4b3e05.exe

  • Size

    1.1MB

  • MD5

    b93479f08d381d5e2e88a14163b7e1d2

  • SHA1

    e53978f28c27eb4f4a1383445d992070ab4aee6c

  • SHA256

    4bc0c6bbea024b48d3428ebbf8d2fabe644c246e1a2453d8c0f48512ff4b3e05

  • SHA512

    4a41c417747223d60a3d1a21d30ef49e31ff797ecf98ed24b4ea4860ca118758745f1989b50d442aea5b1239274da46a957cfd5fb8fe259919273a87f6887ec0

  • SSDEEP

    12288:0thlUijvH9IVyDgaLjjVDa/ZS4fD7HnhvMCtjW:0thlUamEDzLRa/ZS4fDDueC

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 3 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4bc0c6bbea024b48d3428ebbf8d2fabe644c246e1a2453d8c0f48512ff4b3e05.exe
    "C:\Users\Admin\AppData\Local\Temp\4bc0c6bbea024b48d3428ebbf8d2fabe644c246e1a2453d8c0f48512ff4b3e05.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:3972
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 344
      2⤵
      • Program crash
      PID:1604
    • C:\Users\Admin\AppData\Local\Temp\4bc0c6bbea024b48d3428ebbf8d2fabe644c246e1a2453d8c0f48512ff4b3e05.exe
      C:\Users\Admin\AppData\Local\Temp\4bc0c6bbea024b48d3428ebbf8d2fabe644c246e1a2453d8c0f48512ff4b3e05.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3380
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 352
        3⤵
        • Program crash
        PID:1824
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 352
        3⤵
        • Program crash
        PID:1164
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3972 -ip 3972
    1⤵
      PID:924
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3380 -ip 3380
      1⤵
        PID:1128
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3380 -ip 3380
        1⤵
          PID:4440
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1268 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
          1⤵
            PID:4924

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\4bc0c6bbea024b48d3428ebbf8d2fabe644c246e1a2453d8c0f48512ff4b3e05.exe
            Filesize

            1.1MB

            MD5

            82c5eadd597c6d1233c48e7613bd224e

            SHA1

            4da6943f7fcc13388712f420ff8bf6f932febc8c

            SHA256

            75c87692a546d50e2560e6c2595df6d5974948cb72a40e5e7dcd2bd774d4a468

            SHA512

            1b6be057eff00acbc28f5a0549fc0603064aa9334b10c98f51a85e043a3fabb86a78affff5a46d0493334bbbbef39ca2ea858e4d4260877f882ce954c9fa0f10

            Download Submit

          • memory/3380-7-0x0000000000400000-0x00000000004EF000-memory.dmp

            Filesize

            956KB

            Download

          • memory/3380-8-0x0000000004F90000-0x000000000507F000-memory.dmp

            Filesize

            956KB

            Download

          • memory/3380-9-0x0000000000400000-0x00000000004A3000-memory.dmp

            Filesize

            652KB

            Download

          • memory/3972-0-0x0000000000400000-0x00000000004EF000-memory.dmp

            Filesize

            956KB

            Download

          • memory/3972-6-0x0000000000400000-0x00000000004EF000-memory.dmp

            Filesize

            956KB

            Download