Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

3d3de26239...eb.exe

windows7-x64

7

3d3de26239...eb.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    51s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/06/2024, 20:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3d3de26239356fd97bcf46873c461cda733e751b35c84bf007dab50464fe92eb.exe

  • Size

    223KB

  • MD5

    cc6f609429a9b8e9d8d219043d3bcb3d

  • SHA1

    5e97db48a9a27207acb43c7375d48aed775dd3d9

  • SHA256

    3d3de26239356fd97bcf46873c461cda733e751b35c84bf007dab50464fe92eb

  • SHA512

    8edd31737b357ea2d0cf542a64bb3fbb4534e3ba798dae74729ab419eed989d2e6d36f6a69b217900c72796e95f2855407a82eebd7d3e63bc048712427ae8ec0

  • SSDEEP

    6144:UIve6ZsqJM8dyO6WXKGHaN64aMw9G4VwpOv0JgkmUWd:UUZJME3cGx4l42pOv4goWd

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3d3de26239356fd97bcf46873c461cda733e751b35c84bf007dab50464fe92eb.exe
    "C:\Users\Admin\AppData\Local\Temp\3d3de26239356fd97bcf46873c461cda733e751b35c84bf007dab50464fe92eb.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2436
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 396
      2⤵
      • Program crash
      PID:3264
    • C:\Users\Admin\AppData\Local\Temp\3d3de26239356fd97bcf46873c461cda733e751b35c84bf007dab50464fe92eb.exe
      C:\Users\Admin\AppData\Local\Temp\3d3de26239356fd97bcf46873c461cda733e751b35c84bf007dab50464fe92eb.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1412
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 364
        3⤵
        • Program crash
        PID:3308
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2436 -ip 2436
    1⤵
      PID:4540
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 1412 -ip 1412
      1⤵
        PID:1316

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\3d3de26239356fd97bcf46873c461cda733e751b35c84bf007dab50464fe92eb.exe
        Filesize

        223KB

        MD5

        565a6181478e731782311650cd182d32

        SHA1

        8d01f8da420a4d1a57986b8177c466cecadca265

        SHA256

        ed231e623cfafb08a43f1d2926cff4ac2f93031dd7cbd0215a220051fd5dde73

        SHA512

        6cf6b44ea2337c8e9cd632c9cefa0421fe21da8c26b4305eeb246669a31b43690cb63177f7d681fd2a0a341a4fc8f49b247e2aaac336cfa13d3414e4f3f0af34

        Download Submit

      • memory/1412-7-0x0000000000400000-0x0000000000446000-memory.dmp

        Filesize

        280KB

        Download

      • memory/1412-9-0x0000000000400000-0x000000000041A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/1412-13-0x0000000003D90000-0x0000000003DD6000-memory.dmp

        Filesize

        280KB

        Download

      • memory/1412-14-0x0000000000400000-0x0000000000446000-memory.dmp

        Filesize

        280KB

        Download

      • memory/2436-0-0x0000000000400000-0x0000000000446000-memory.dmp

        Filesize

        280KB

        Download

      • memory/2436-6-0x0000000000400000-0x0000000000446000-memory.dmp

        Filesize

        280KB

        Download