Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Formware.3....1.rar

windows10-1703-x64

10

Formware_3...on.exe

windows10-1703-x64

7

Formware3D_1165.msi

windows10-1703-x64

6

Analysis

  • max time kernel
    592s
  • max time network
    408s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
  • submitted
    29/03/2024, 16:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Formware_3D_1-0-8-8_Trial-Reset_2_Activation.exe

  • Size

    678KB

  • MD5

    f8cc0c5190579654f633080bddb6265c

  • SHA1

    f286f101a0530dd9e091e5d34074a0a701ad7663

  • SHA256

    49a801a553d113a668ad2b61ffd93bd5d5d576235c81829cb0a21332ada25aeb

  • SHA512

    5dfc1adfc2a77693cabe15c300bd6a32effa4b3069eb8ca7d907ac340bff23474b78a13bdaa53306f6812d07b074230ccdf6e53d3c271ce4f609d2ce3f07808d

  • SSDEEP

    12288:RyIF9kLhvCxcHB0cRP/qSL9PoJzgqPlaeicSS+LqBs/P6YwoAe5dWT:RyI3kLtp+03bBuznaob+LqBs+feOT

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Formware_3D_1-0-8-8_Trial-Reset_2_Activation.exe
    "C:\Users\Admin\AppData\Local\Temp\Formware_3D_1-0-8-8_Trial-Reset_2_Activation.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4936
    • C:\Users\Admin\AppData\Local\Temp\is-9F9H3.tmp\Formware_3D_1-0-8-8_Trial-Reset_2_Activation.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-9F9H3.tmp\Formware_3D_1-0-8-8_Trial-Reset_2_Activation.tmp" /SL5="$501F8,246331,111616,C:\Users\Admin\AppData\Local\Temp\Formware_3D_1-0-8-8_Trial-Reset_2_Activation.exe"
      2⤵
      • Executes dropped EXE
      PID:4052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-9F9H3.tmp\Formware_3D_1-0-8-8_Trial-Reset_2_Activation.tmp
    Filesize

    754KB

    MD5

    d8467ca1f529c6c6decb1b82dbaed1df

    SHA1

    a4a21c366a4f4331e13bada80682a117c9d17be2

    SHA256

    d12e8487b5941b9552e2ad2f742938cff407cb80825ad4dbb1b54de2c706ce81

    SHA512

    03a519849743a7f71ae2974b4d5d08ceba8555f06ff8c64a4a99749bbef99d59f40effc34f3f8afbb56d8370c1171a5f5ba5de4d0ca830bfb28b16c5e6956257

    Download Submit

  • memory/4052-6-0x00000000001F0000-0x00000000001F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4052-9-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

    Download

  • memory/4052-12-0x00000000001F0000-0x00000000001F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4936-0-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4936-2-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4936-8-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download