c5a3dbeea17ddba50482e7844a817171580f977dcea9ad7b655d39a934b93b93

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1d059ca891...d4.exe

windows10-2004-x64

1d90edda9f...51.exe

windows7-x64

1d90edda9f...51.exe

windows10-2004-x64

1e44c41d8d...91.exe

windows10-2004-x64

1ed736973c...3e.exe

windows10-2004-x64

559234fc52...e2.exe

windows10-2004-x64

5a4570005d...a4.exe

windows7-x64

5a4570005d...a4.exe

windows10-2004-x64

61f1a776dc...62.exe

windows10-2004-x64

67045db960...01.exe

windows10-2004-x64

6d684b37ca...5c.exe

windows10-2004-x64

77cbabe9fe...cf.exe

windows7-x64

77cbabe9fe...cf.exe

windows10-2004-x64

8a73bb4899...c3.exe

windows10-2004-x64

8db3c27c31...88.exe

windows7-x64

8db3c27c31...88.exe

windows10-2004-x64

b72cfb2517...df.exe

windows10-2004-x64

c2ef692d84...7e.exe

windows7-x64

c2ef692d84...7e.exe

windows10-2004-x64

c39106a352...4e.exe

windows7-x64

c39106a352...4e.exe

windows10-2004-x64

ca6d56a637...da.exe

windows10-2004-x64

db14966ca7...cb.exe

windows7-x64

db14966ca7...cb.exe

windows10-2004-x64

e800205bb9...fd.exe

windows7-x64

e800205bb9...fd.exe

windows10-2004-x64

f8a2da44f9...41.exe

windows10-2004-x64

fc8b501a18...d3.exe

windows7-x64

fc8b501a18...d3.exe

windows10-2004-x64

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 12:29 UTC

Sharing

Copy URL

Twitter E-mail

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1d059ca891566e0006cb4534dc4ff845fedd1d3d468c12366e12f98a815ed7d4.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

1d90edda9fc0271748934c0813b8946478823a33b5892d1be2ddf3d383fbc851.exe

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral3

Sample

1d90edda9fc0271748934c0813b8946478823a33b5892d1be2ddf3d383fbc851.exe

Resource

win10v2004-20240426-en

redline 7001210066 discovery infostealer

windows10-2004-x64

8 signatures

150 seconds

Behavioral task

behavioral4

Sample

1e44c41d8d889c0d0e018128db620f95ba933996ae31dd11da4f5d407c764691.exe

Resource

win10v2004-20240508-en

amadey healer redline krast dropper evasion infostealer persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Behavioral task

behavioral5

Sample

1ed736973ca7eb70129cafb36c292298f34a8a710160e69aeec7ad93760ed83e.exe

Resource

win10v2004-20240426-en

amadey healer redline smokeloader roma backdoor dropper evasion infostealer persistence trojan

windows10-2004-x64

17 signatures

150 seconds

Behavioral task

behavioral6

Sample

559234fc528754d07d788aa5eff30aba166a9bab82e9eda45a9737647b0e9fe2.exe

Resource

win10v2004-20240426-en

amadey healer redline lande dropper evasion infostealer persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Behavioral task

behavioral7

Sample

5a4570005d13d7c9c706dbdc0cc5ee5b8dfd33f7be6a6204a95d2134e3a483a4.exe

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral8

Sample

5a4570005d13d7c9c706dbdc0cc5ee5b8dfd33f7be6a6204a95d2134e3a483a4.exe

Resource

win10v2004-20240426-en

redline 7001210066 discovery infostealer

windows10-2004-x64

8 signatures

150 seconds

Behavioral task

behavioral9

Sample

61f1a776dcd13885a5979397d5b945e89d26cfcfe61e000ac89070e4a45bc562.exe

Resource

win10v2004-20240508-en

healer redline dumud dropper evasion infostealer persistence trojan

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral10

Sample

67045db9602c0bb02004555fcae5f1c816ba6ebea367c933be035b042c153501.exe

Resource

win10v2004-20240426-en

healer redline lamp dropper evasion infostealer persistence trojan

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral11

Sample

6d684b37ca877d403cebced125fab4f36a37e290840da5678e0d43fd35796a5c.exe

Resource

win10v2004-20240508-en

amadey healer smokeloader backdoor dropper evasion persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Behavioral task

behavioral12

Sample

77cbabe9fe3b8b9ac3422f2b29fbcb0cdb9ee85c7b64b2bde48da25f6ef608cf.exe

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral13

Sample

77cbabe9fe3b8b9ac3422f2b29fbcb0cdb9ee85c7b64b2bde48da25f6ef608cf.exe

Resource

win10v2004-20240508-en

lumma stealer

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral14

Sample

8a73bb4899be69e1a77d74c46f81ca29b85b5c67b642e09f9735dec87b8b4cc3.exe

Resource

win10v2004-20240508-en

healer redline dumud dropper evasion infostealer persistence trojan

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral15

Sample

8db3c27c31541a43d1adeae01ca7caf3f0c8d6e3733168917ea04d58d7e4a488.exe

Resource

win7-20240220-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral16

Sample

8db3c27c31541a43d1adeae01ca7caf3f0c8d6e3733168917ea04d58d7e4a488.exe

Resource

win10v2004-20240226-en

redline 7001210066 discovery infostealer

windows10-2004-x64

7 signatures

150 seconds

Behavioral task

behavioral17

Sample

b72cfb25178ac78d0dfae350873df231a1f4266a913f47acc5018b87cae84bdf.exe

Resource

win10v2004-20240426-en

amadey healer redline smokeloader lande backdoor dropper evasion infostealer persistence trojan

windows10-2004-x64

17 signatures

150 seconds

Behavioral task

behavioral18

Sample

c2ef692d84f694cd08e3238ae431c5636be2dc51342782c20a577eb05217557e.exe

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral19

Sample

c2ef692d84f694cd08e3238ae431c5636be2dc51342782c20a577eb05217557e.exe

Resource

win10v2004-20240508-en

redline zgrat discovery infostealer rat spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral20

Sample

c39106a3520b59f859a00bc0014f6b5a4846b40742a925b66283b31e62094c4e.exe

Resource

win7-20240508-en

healer dropper evasion trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral21

Sample

c39106a3520b59f859a00bc0014f6b5a4846b40742a925b66283b31e62094c4e.exe

Resource

win10v2004-20240508-en

healer dropper evasion trojan

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral22

Sample

ca6d56a637f121ee6406def5cf89663c3e54b2e175e98d4469fb3e3a46e190da.exe

Resource

win10v2004-20240426-en

healer redline lamp dropper evasion infostealer persistence trojan

windows10-2004-x64

12 signatures

150 seconds

Behavioral task

behavioral23

Sample

db14966ca75480a4e8f9f3d18c7bada2f205a1ac7404dbeda068279afa55b1cb.exe

Resource

win7-20240215-en

redline lux3 infostealer

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral24

Sample

db14966ca75480a4e8f9f3d18c7bada2f205a1ac7404dbeda068279afa55b1cb.exe

Resource

win10v2004-20240508-en

redline lux3 infostealer

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral25

Sample

e800205bb9a5d3866d735915080e828250891d7d9c930245afd8def35dd08dfd.exe

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral26

Sample

e800205bb9a5d3866d735915080e828250891d7d9c930245afd8def35dd08dfd.exe

Resource

win10v2004-20240508-en

redline 5195552529 discovery infostealer spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral27

Sample

f8a2da44f9c18482323d9e1ed99567d3a35b95656bc1b023d86e12f305565c41.exe

Resource

win10v2004-20240226-en

amadey healer dropper evasion persistence trojan

windows10-2004-x64

12 signatures

150 seconds

Behavioral task

behavioral28

Sample

fc8b501a1823496ec4685f1c935710517b2ee5331f98bf10c5eb7b69350e59d3.exe

Resource

win7-20240215-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral29

Sample

fc8b501a1823496ec4685f1c935710517b2ee5331f98bf10c5eb7b69350e59d3.exe

Resource

win10v2004-20240508-en

lumma stealer

windows10-2004-x64

4 signatures

150 seconds

Report Analysis Logs

General

Target

1d90edda9fc0271748934c0813b8946478823a33b5892d1be2ddf3d383fbc851.exe
Size

294KB
MD5

19b2c4ee9781e95ecd5db74de6fef0a9
SHA1

fd5f11a55b1d7be9afc06faa72b27d6d19706c17
SHA256

1d90edda9fc0271748934c0813b8946478823a33b5892d1be2ddf3d383fbc851
SHA512

ea137d3330c7fbdca25da29639447211fb36ca49f8e77f38b2b6428adae63ee097ce1564fd4edc0742b39c13854d868dc87f8f08bfa9b5698ad2149a7c1843ef
SSDEEP

6144:hTwlNlUt5IpFvjcFRh2/GpOZMNG5L3cYp8eesbZ6O0:QlUt5IpJMLp8J3N8eesbIO0

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1912	2008	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 1912	2008	1d90edda9fc0271748934c0813b8946478823a33b5892d1be2ddf3d383fbc851.exe	29
PID 2008 wrote to memory of 1912	2008	1d90edda9fc0271748934c0813b8946478823a33b5892d1be2ddf3d383fbc851.exe	29
PID 2008 wrote to memory of 1912	2008	1d90edda9fc0271748934c0813b8946478823a33b5892d1be2ddf3d383fbc851.exe	29
PID 2008 wrote to memory of 1912	2008	1d90edda9fc0271748934c0813b8946478823a33b5892d1be2ddf3d383fbc851.exe	29

Processes

C:\Users\Admin\AppData\Local\Temp\1d90edda9fc0271748934c0813b8946478823a33b5892d1be2ddf3d383fbc851.exe
"C:\Users\Admin\AppData\Local\Temp\1d90edda9fc0271748934c0813b8946478823a33b5892d1be2ddf3d383fbc851.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 92
  2⤵
  - Program crash
  PID:1912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2008-0-0x0000000000C29000-0x0000000000C2A000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.