Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

79656d27a1...83.exe

windows7-x64

7

79656d27a1...83.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    66s
  • max time network
    52s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/04/2024, 22:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    79656d27a101f43221cf47c33d36c984e0b0c6a0699a1433d5fbeeef7eb77183.exe

  • Size

    320KB

  • MD5

    a121a17e533b1855b8942025d6a8fb61

  • SHA1

    935ddfe88d0449877ebf9e058883f917a331432f

  • SHA256

    79656d27a101f43221cf47c33d36c984e0b0c6a0699a1433d5fbeeef7eb77183

  • SHA512

    53bd0bab6aa6f0779bf500aca1dc25245671e83c920476adec522147e57ad0e9a4fe90441557a458c3e6259f63702c789496865973467613cecaca13b337c303

  • SSDEEP

    6144:KQFNjeCCCCKb9EMU/NELJjaMOJZitfXzV40saiigCz:KQFJnCKhG1UJmMQZitfzVQ5zCz

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\79656d27a101f43221cf47c33d36c984e0b0c6a0699a1433d5fbeeef7eb77183.exe
    "C:\Users\Admin\AppData\Local\Temp\79656d27a101f43221cf47c33d36c984e0b0c6a0699a1433d5fbeeef7eb77183.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:3936
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 396
      2⤵
      • Program crash
      PID:232
    • C:\Users\Admin\AppData\Local\Temp\79656d27a101f43221cf47c33d36c984e0b0c6a0699a1433d5fbeeef7eb77183.exe
      C:\Users\Admin\AppData\Local\Temp\79656d27a101f43221cf47c33d36c984e0b0c6a0699a1433d5fbeeef7eb77183.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:5032
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 364
        3⤵
        • Program crash
        PID:676
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3936 -ip 3936
    1⤵
      PID:4920
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 5032 -ip 5032
      1⤵
        PID:1364

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\79656d27a101f43221cf47c33d36c984e0b0c6a0699a1433d5fbeeef7eb77183.exe
        Filesize

        320KB

        MD5

        fef7e01e1d02189a6ccaa16db3862daa

        SHA1

        852aa6f25ba69a01cc7f04421c23f6e80f138ff6

        SHA256

        e0ec1ee00f6c8f4d95d6b36cdcb82aa46cced79af98907f47f0a28ae299fa27e

        SHA512

        474da27b3c777714d81f060c488773dec7dc9f9897f90d99d12300c6a9fe73e49e96824d693a1a4d058733d8a2219d79dfbbfd40c4b250cbc3f7bc11ea4fdf46

        Download Submit

      • memory/3936-0-0x0000000000400000-0x0000000000440000-memory.dmp

        Filesize

        256KB

        Download

      • memory/3936-6-0x0000000000400000-0x0000000000440000-memory.dmp

        Filesize

        256KB

        Download

      • memory/5032-7-0x0000000000400000-0x0000000000440000-memory.dmp

        Filesize

        256KB

        Download

      • memory/5032-8-0x0000000000400000-0x000000000041A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/5032-13-0x0000000003D70000-0x0000000003DB0000-memory.dmp

        Filesize

        256KB

        Download