Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

dad907fbf3...d1.exe

windows7-x64

7

dad907fbf3...d1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/07/2024, 05:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dad907fbf382325926fd527538a2bfd2ab8da73e0233bdd0d892bdfba4f1ebd1.exe

  • Size

    384KB

  • MD5

    6615db16d23a9f03855084465518a8bb

  • SHA1

    4076bb32a0f2388b79298ab7da9796dda301dbe8

  • SHA256

    dad907fbf382325926fd527538a2bfd2ab8da73e0233bdd0d892bdfba4f1ebd1

  • SHA512

    edef05624db13b2dbbdecd0c5857a5c53c18bcdb63d555caa684388d5ef2cff3429ba2a312c121f128a4bb8d26fd36406e0bf4547a5fc92ec128c09dac755d90

  • SSDEEP

    12288:w64Ja/GE6goTVtdW/sEzrWtHOw0iFauY/B/dc:8JIGlVtdW/sEzrWtHOw0iFauY/B/dc

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dad907fbf382325926fd527538a2bfd2ab8da73e0233bdd0d892bdfba4f1ebd1.exe
    "C:\Users\Admin\AppData\Local\Temp\dad907fbf382325926fd527538a2bfd2ab8da73e0233bdd0d892bdfba4f1ebd1.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:4472
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 396
      2⤵
      • Program crash
      PID:3184
    • C:\Users\Admin\AppData\Local\Temp\dad907fbf382325926fd527538a2bfd2ab8da73e0233bdd0d892bdfba4f1ebd1.exe
      C:\Users\Admin\AppData\Local\Temp\dad907fbf382325926fd527538a2bfd2ab8da73e0233bdd0d892bdfba4f1ebd1.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2248
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 364
        3⤵
        • Program crash
        PID:1908
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4472 -ip 4472
    1⤵
      PID:4556
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2248 -ip 2248
      1⤵
        PID:4752

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\dad907fbf382325926fd527538a2bfd2ab8da73e0233bdd0d892bdfba4f1ebd1.exe
        Filesize

        384KB

        MD5

        dfc960767a7a514ce8f10be8ebe1fcd5

        SHA1

        6e312632ddf30d0636e190561ddb10d784b310f4

        SHA256

        53a2920419d0617a372e323de8f872ce18da2aec7fe01e77c45295388bce749f

        SHA512

        9fe7e8c9bf7fffb795a1b45aed0d2a71a4d8896d8f3b7fe824175dc5ab6f0f2291fe95d40069799a110719d2c07bba19753baf787fb07ce03c32858683f3813b

        Download Submit

      • memory/2248-8-0x0000000000400000-0x0000000000437000-memory.dmp

        Filesize

        220KB

        Download

      • memory/2248-9-0x0000000000400000-0x000000000041A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/2248-14-0x00000000015F0000-0x0000000001627000-memory.dmp

        Filesize

        220KB

        Download

      • memory/4472-0-0x0000000000400000-0x0000000000437000-memory.dmp

        Filesize

        220KB

        Download

      • memory/4472-7-0x0000000000400000-0x0000000000437000-memory.dmp

        Filesize

        220KB

        Download