Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

e09fd91a8b...43.exe

windows7-x64

7

e09fd91a8b...43.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    67s
  • max time network
    50s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/04/2024, 03:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e09fd91a8b3724a42d78e8b72fc0f7e6e8ce91b8fac4a3577b87edd553688743.exe

  • Size

    148KB

  • MD5

    742419f6e299447176e0d02bec42f0e8

  • SHA1

    c43c6208e9830f7788775ff648eb85a0714c562f

  • SHA256

    e09fd91a8b3724a42d78e8b72fc0f7e6e8ce91b8fac4a3577b87edd553688743

  • SHA512

    9400ed5c2021e37bd64eac4cec4aa37580a748147f0790df6751a9f58c67cd333676e7255df513c8c31ee0366d6d4cacd9d81872d02757a1ef7073f7cd52344c

  • SSDEEP

    3072:BQ+t4BHNNRGtVJO96P4ZkuB4N6lZ4nEFjimAk/738:Gm4BHNNRGHP4ZLxz4nEF2kjs

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 1 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3564
      • C:\Users\Admin\AppData\Local\Temp\e09fd91a8b3724a42d78e8b72fc0f7e6e8ce91b8fac4a3577b87edd553688743.exe
        "C:\Users\Admin\AppData\Local\Temp\e09fd91a8b3724a42d78e8b72fc0f7e6e8ce91b8fac4a3577b87edd553688743.exe"
        2⤵
        • Drops file in Program Files directory
        PID:4140
    • C:\PROGRA~3\Mozilla\fccarae.exe
      C:\PROGRA~3\Mozilla\fccarae.exe -cxdgtgc
      1⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3672
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 508
        2⤵
        • Program crash
        PID:2020
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3672 -ip 3672
      1⤵
        PID:4572

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\ProgramData\Mozilla\fccarae.exe
        Filesize

        148KB

        MD5

        2b3d9d849fd971a178c31f54c7154af5

        SHA1

        fcb14f137612fa8357b5785f08e6609ba5136c97

        SHA256

        6fcea91da20b5de60ea958f62a92bb908a87f81a1d1acbf3e2e602ed2fe082a9

        SHA512

        8181903c13505bdce4dcd3a9d440a80fd399b1a754f344b4fa6163da94b8d1b0a56c9fa95aee1c5df8a3ec7249dc6aff19608675a3781bccbb384c1f4bf45ceb

        Download Submit

      • memory/3564-11-0x0000000000830000-0x000000000084C000-memory.dmp

        Filesize

        112KB

        Download

      • memory/3672-8-0x0000000000400000-0x000000000045F000-memory.dmp

        Filesize

        380KB

        Download

      • memory/3672-6-0x0000000002120000-0x000000000217F000-memory.dmp

        Filesize

        380KB

        Download

      • memory/3672-12-0x0000000000400000-0x000000000045F000-memory.dmp

        Filesize

        380KB

        Download

      • memory/4140-0-0x00000000005F0000-0x000000000064F000-memory.dmp

        Filesize

        380KB

        Download

      • memory/4140-1-0x0000000000400000-0x000000000045F000-memory.dmp

        Filesize

        380KB

        Download

      • memory/4140-9-0x0000000000400000-0x000000000045F000-memory.dmp

        Filesize

        380KB

        Download

      • memory/4140-10-0x00000000005F0000-0x000000000064F000-memory.dmp

        Filesize

        380KB

        Download