Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

5

Electronic Order.exe

windows7-x64

5

Electronic Order.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    94s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/07/2024, 12:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Electronic Order.exe

  • Size

    1.1MB

  • MD5

    f44d956aa3a0c41f8e8ca7d9e9ead69c

  • SHA1

    5d4cd96731237a1d8a8e03aa078b0bda9d2296a3

  • SHA256

    48bae1515ac732f33a6fbd725dfb29fe55132b1f446f0efa201c1ad10cf0b1f6

  • SHA512

    e61d7c0a4e9fe6ef74b9dcbd76c3b526af3931485cbdc4e04bf7e19077b5050eabda611b712b8f4189716236b1bab3f27c07ccd259a4bb721e77b43747c51df4

  • SSDEEP

    24576:+AHnh+eWsN3skA4RV1Hom2KXMmHas5PNdmnDIZO2/wUcl5:ph+ZkldoPK8Yas51dmni/wUO

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Electronic Order.exe
    "C:\Users\Admin\AppData\Local\Temp\Electronic Order.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:3452
    • C:\Windows\SysWOW64\svchost.exe
      "C:\Users\Admin\AppData\Local\Temp\Electronic Order.exe"
      2⤵
        PID:1420
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 196
          3⤵
          • Program crash
          PID:4464
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 1420 -ip 1420
      1⤵
        PID:1384

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\aut8B67.tmp
        Filesize

        279KB

        MD5

        225c61445560f7ae947612076f16befe

        SHA1

        05738dc23d0acc3670c14140eb0cd5de65aed67f

        SHA256

        80ccffb4eb2f7009b45dfda32f002c9c9acc3516a709def1758d4ba3a4b34b09

        SHA512

        736419bd099b969ea58376b8b8003ad7bec253b3199d0dc8cbf08abf3ca68f6f734032011ae36ea884ad3d3c2a21e7e917e26b84e37e8a0fa81000f2c6b6687e

        Download Submit

      • memory/1420-13-0x0000000000620000-0x0000000000666000-memory.dmp

        Filesize

        280KB

        Download

      • memory/3452-12-0x0000000001860000-0x0000000001864000-memory.dmp

        Filesize

        16KB

        Download