Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

6c4f48a92a...9f.exe

windows7-x64

7

6c4f48a92a...9f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    124s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/06/2024, 22:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6c4f48a92a88dd72d6e92aaaebb8d674ca6bb3263999bda5d663791f89d28e9f.exe

  • Size

    256KB

  • MD5

    a735f1c4d0b1a8f8a57b9f6cc21c4d5d

  • SHA1

    ca2f6b0b9f35bfd3342c041dbcae64e55df2197f

  • SHA256

    6c4f48a92a88dd72d6e92aaaebb8d674ca6bb3263999bda5d663791f89d28e9f

  • SHA512

    0c221c8a437cd267dccd8b31a50851bc292fa9d772b4e9f63f76997c3dc0b91c90c17399c9719e40fe15ee6d15af02e3194f95e45684f6c0ddbaed11272f3970

  • SSDEEP

    6144:aBWIqEf6AAlZVZdLS+8Zg6S1dqShh2+SZx79H0W7cyqCxSng7:4WIz6AATVZdLOgT6R7j0nk

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 5 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6c4f48a92a88dd72d6e92aaaebb8d674ca6bb3263999bda5d663791f89d28e9f.exe
    "C:\Users\Admin\AppData\Local\Temp\6c4f48a92a88dd72d6e92aaaebb8d674ca6bb3263999bda5d663791f89d28e9f.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1232
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 384
      2⤵
      • Program crash
      PID:4380
    • C:\Users\Admin\AppData\Local\Temp\6c4f48a92a88dd72d6e92aaaebb8d674ca6bb3263999bda5d663791f89d28e9f.exe
      C:\Users\Admin\AppData\Local\Temp\6c4f48a92a88dd72d6e92aaaebb8d674ca6bb3263999bda5d663791f89d28e9f.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1656
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 352
        3⤵
        • Program crash
        PID:4608
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 772
        3⤵
        • Program crash
        PID:2464
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 544
        3⤵
        • Program crash
        PID:1860
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 808
        3⤵
        • Program crash
        PID:1232
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1232 -ip 1232
    1⤵
      PID:2800
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1656 -ip 1656
      1⤵
        PID:1244
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4184,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=4232 /prefetch:8
        1⤵
          PID:2876
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1656 -ip 1656
          1⤵
            PID:4620
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1656 -ip 1656
            1⤵
              PID:1120
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1656 -ip 1656
              1⤵
                PID:3864

              Network

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Temp\6c4f48a92a88dd72d6e92aaaebb8d674ca6bb3263999bda5d663791f89d28e9f.exe
                Filesize

                256KB

                MD5

                2feefa65d8c999e62667e64d628f6eae

                SHA1

                0983c76ca6f043ef0c8128aa678009aa5392e41c

                SHA256

                48b45ebf645386f162f05ab6fb668d1586cce132199dc8b634dba404376b0474

                SHA512

                79bc3a4558821fc73ba650da92986e6fd05f39a1e05b1e2eb28d373dd12e797e0824b302b459a6ad29093be2d2fb095463a5c9b3b056e28e62680a7b43302109

                Download Submit

              • memory/1232-0-0x0000000000400000-0x0000000000441000-memory.dmp

                Filesize

                260KB

                Download

              • memory/1232-6-0x0000000000400000-0x0000000000441000-memory.dmp

                Filesize

                260KB

                Download

              • memory/1656-7-0x0000000000400000-0x0000000000441000-memory.dmp

                Filesize

                260KB

                Download

              • memory/1656-12-0x00000000001A0000-0x00000000001E1000-memory.dmp

                Filesize

                260KB

                Download

              • memory/1656-8-0x0000000000400000-0x0000000000415000-memory.dmp

                Filesize

                84KB

                Download