Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

02bc869f23...c7.exe

windows7-x64

7

02bc869f23...c7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    79s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/06/2024, 17:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    02bc869f23ad06edcac190bed12352f4ea64b0af9f617274026f6a2c2097d2c7.exe

  • Size

    320KB

  • MD5

    51bd613f8488f7b8dd593d076d242f80

  • SHA1

    c6997b772d930863094c6d120a473a41bcb2b91f

  • SHA256

    02bc869f23ad06edcac190bed12352f4ea64b0af9f617274026f6a2c2097d2c7

  • SHA512

    fae49a17f79e6c56e84a73e2067a75efd9da5477ef47b84e823ab7b09072413ffcbb4fd9d04d49ccc37750b8ae3ee3286d479a9ed3007c0ce7e73b59c5adaf59

  • SSDEEP

    6144:26OzJ1fFYRA0Eo5MTtNdowuX9aLisM+NeOV40saiigCX:2jNMW5ewuX9aLisvNeOVQ5zCX

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\02bc869f23ad06edcac190bed12352f4ea64b0af9f617274026f6a2c2097d2c7.exe
    "C:\Users\Admin\AppData\Local\Temp\02bc869f23ad06edcac190bed12352f4ea64b0af9f617274026f6a2c2097d2c7.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1948
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 344
      2⤵
      • Program crash
      PID:2612
    • C:\Users\Admin\AppData\Local\Temp\02bc869f23ad06edcac190bed12352f4ea64b0af9f617274026f6a2c2097d2c7.exe
      C:\Users\Admin\AppData\Local\Temp\02bc869f23ad06edcac190bed12352f4ea64b0af9f617274026f6a2c2097d2c7.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2548
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 364
        3⤵
        • Program crash
        PID:744
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1948 -ip 1948
    1⤵
      PID:4828
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2548 -ip 2548
      1⤵
        PID:2136

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\02bc869f23ad06edcac190bed12352f4ea64b0af9f617274026f6a2c2097d2c7.exe
        Filesize

        320KB

        MD5

        5dc57bf9bb467a0a346c423d517e6097

        SHA1

        b72ef351e70f02221808a28f91bf2b4a5dfe4b97

        SHA256

        c11ac659e1cf450ccde50feeba53fe958b3e957d8b4cd5a921ec5f8480cb0c13

        SHA512

        e3fa1653bf1644f9f6e666b8fe55da9893bf5db9949e62255440d21ad7a0d89080afca2561c3e0b14840ace2ef399b598b9fd795b10f5c8d3e577cf87aaacda4

        Download Submit

      • memory/1948-0-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download

      • memory/1948-6-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download

      • memory/2548-7-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download

      • memory/2548-8-0x0000000000400000-0x000000000041A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/2548-13-0x0000000000190000-0x00000000001D2000-memory.dmp

        Filesize

        264KB

        Download