Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

939d6037b8...49.exe

windows7-x64

7

939d6037b8...49.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/05/2024, 02:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    939d6037b841f2ec3616bf3ea35983417d5fb98f15e6d4958fcca3d51069e049.exe

  • Size

    272KB

  • MD5

    1d09f0ea514e1ced48730193bef07679

  • SHA1

    ccc2f6b71f3a9c60461e8d05ed7082cfcdd3618e

  • SHA256

    939d6037b841f2ec3616bf3ea35983417d5fb98f15e6d4958fcca3d51069e049

  • SHA512

    b417f23e50a6679de675bd9bd7081d3ee86a568e6564359cdab40c19670ad8d081a1103891a1b5f6fe3afe31f11e2aad6b24ec25f6177389c5638a80fa1cee2d

  • SSDEEP

    6144:av42c+QlWIzqSsOHdNkOg/Zg4lPHdKzw6V40saiZ:MjWsIOSsOHvkOg/7P9Mw6VQ5Z

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\939d6037b841f2ec3616bf3ea35983417d5fb98f15e6d4958fcca3d51069e049.exe
    "C:\Users\Admin\AppData\Local\Temp\939d6037b841f2ec3616bf3ea35983417d5fb98f15e6d4958fcca3d51069e049.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2780
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 372
      2⤵
      • Program crash
      PID:4904
    • C:\Users\Admin\AppData\Local\Temp\939d6037b841f2ec3616bf3ea35983417d5fb98f15e6d4958fcca3d51069e049.exe
      C:\Users\Admin\AppData\Local\Temp\939d6037b841f2ec3616bf3ea35983417d5fb98f15e6d4958fcca3d51069e049.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:912
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 364
        3⤵
        • Program crash
        PID:1808
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2780 -ip 2780
    1⤵
      PID:1748
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 912 -ip 912
      1⤵
        PID:4180

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\939d6037b841f2ec3616bf3ea35983417d5fb98f15e6d4958fcca3d51069e049.exe
        Filesize

        272KB

        MD5

        64dfbd74bb0eb6ddab9fe2d1634e6607

        SHA1

        90a630729cbf9fd445f2aa2ae5324d9c73931963

        SHA256

        9de27c74f097f69649e23d0a5aba16b1ede20221960476e72270bccf474271ac

        SHA512

        a924610c8fe578508827f53679604d6229bc99843f52be2f0dd56910ce93a713055793e13976c20c76b37186e7a4f678939e227728b8d6a63f45896e91090ab1

        Download Submit

      • memory/912-7-0x0000000000400000-0x0000000000441000-memory.dmp

        Filesize

        260KB

        Download

      • memory/912-8-0x0000000000400000-0x000000000041A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/912-13-0x0000000004D60000-0x0000000004DA1000-memory.dmp

        Filesize

        260KB

        Download

      • memory/2780-0-0x0000000000400000-0x0000000000441000-memory.dmp

        Filesize

        260KB

        Download

      • memory/2780-6-0x0000000000400000-0x0000000000441000-memory.dmp

        Filesize

        260KB

        Download