Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

f9584ea336...d5.exe

windows7-x64

3

f9584ea336...d5.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/05/2024, 10:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f9584ea336f4aa0fbb29d7c5a90d33b2b93f492f4ee30be554f79866abafd5d5.exe

  • Size

    4.3MB

  • MD5

    cbc6259e0983460e2916ff786217139d

  • SHA1

    7484040e31c28ab183e815e23812717f3517217b

  • SHA256

    f9584ea336f4aa0fbb29d7c5a90d33b2b93f492f4ee30be554f79866abafd5d5

  • SHA512

    64ffeb52cc1867632bb4b452fb09dcd9afd378ef908888928654624ef191d5c7442810a51ceda16d1a2e471438f607a57e36c92632f13821e92082f9b2e6331a

  • SSDEEP

    49152:31S1zFNBxoFmiPilPyGo97uTfzX80thsHvrZlX0UuvZPGkK8N1PapB1wFiSQRU+D:3CZkPilPgcX807sPrZheuSZG/rRM98

Score
8/10

Malware Config

Signatures

  • Manipulates Digital Signatures 1 TTPs 3 IoCs

    Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f9584ea336f4aa0fbb29d7c5a90d33b2b93f492f4ee30be554f79866abafd5d5.exe
    "C:\Users\Admin\AppData\Local\Temp\f9584ea336f4aa0fbb29d7c5a90d33b2b93f492f4ee30be554f79866abafd5d5.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:912
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\f9584ea336f4aa0fbb29d7c5a90d33b2b93f492f4ee30be554f79866abafd5d5.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2324
      • C:\Windows\SysWOW64\certutil.exe
        certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\f9584ea336f4aa0fbb29d7c5a90d33b2b93f492f4ee30be554f79866abafd5d5.exe" MD5
        3⤵
        • Manipulates Digital Signatures
        PID:3164
      • C:\Windows\SysWOW64\find.exe
        find /i /v "md5"
        3⤵
          PID:1456
        • C:\Windows\SysWOW64\find.exe
          find /i /v "certutil"
          3⤵
            PID:544
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 872
          2⤵
          • Program crash
          PID:4468
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 912 -ip 912
        1⤵
          PID:2328

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads