Resubmissions

09/06/2024, 14:42

240609-r26w1abf3v 3

09/06/2024, 14:29

240609-rtzsqabe4x 8

Analysis

  • max time kernel
    52s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/06/2024, 14:42

General

  • Target

    129121540_2359416601_1804023753.exe

  • Size

    1.1MB

  • MD5

    aa68830dd0f0ef5274c7ab785fb95a37

  • SHA1

    c09d2af1d51532e2c5d834a62078f8d383c82e91

  • SHA256

    aee79791e6186b79bf0164dc334978af9d10a5c70af345ae5690949acd162a74

  • SHA512

    bf57bdafaaa12bf9517c976a7c7e8e9dfb185e94e35a9d0a359552d27c8adb82a2b3e3ed03ebfbb7f5c48f174495fa9ba3387c18be99f8d4b2b982665e874aa5

  • SSDEEP

    24576:RQYU7Lj4NQn77tPp4QhK2tbuLnflgNCa4MIM8mB3Bn2qfG/dpJGK:R/Qv4Ns77MiK2holgpr7n2IapQ

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\129121540_2359416601_1804023753.exe
    "C:\Users\Admin\AppData\Local\Temp\129121540_2359416601_1804023753.exe"
    • Suspicious use of WriteProcessMemory
    PID:2876
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2876 -s 248
        PID:3004

    Network

    MITRE ATT&CK Matrix

    Downloads

    • memory/2876-0-0x000000013F980000-0x000000013FBED000-memory.dmp

      Filesize

      2.4MB

    • memory/2876-1-0x0000000001E90000-0x0000000002E90000-memory.dmp

      Filesize

      16.0MB

    • memory/2876-2-0x000000013F980000-0x000000013FBED000-memory.dmp

      Filesize

      2.4MB

    • memory/2876-4-0x0000000001E90000-0x0000000002E90000-memory.dmp

      Filesize

      16.0MB