Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

b63d1a558c...0N.exe

windows7-x64

7

b63d1a558c...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/07/2024, 11:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b63d1a558c34e46bb1e5fcfd705769d0N.exe

  • Size

    202KB

  • MD5

    b63d1a558c34e46bb1e5fcfd705769d0

  • SHA1

    72f359d2415418889438d6713249638a7ff48051

  • SHA256

    5388419953aa5109f56f12fa71322acced8a81ca623c5c987701ef514204ba00

  • SHA512

    f5fefa5529853879c2147a515452a8b359781fe5b1155f7576201427960f5d27042e53c21f43fbc65a70fcfdf3a99867c1ac531c09fe2d3a5e802115f7dc30f6

  • SSDEEP

    6144:p6MPejMRxxZY69fesmvOW5Ps9Huhk1sTAitD8FhQwrM46shbc500RXqX+ZyJXSzL:pfTxR9msoOwPWOhXrP

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b63d1a558c34e46bb1e5fcfd705769d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b63d1a558c34e46bb1e5fcfd705769d0N.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:4264
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 396
      2⤵
      • Program crash
      PID:1168
    • C:\Users\Admin\AppData\Local\Temp\b63d1a558c34e46bb1e5fcfd705769d0N.exe
      C:\Users\Admin\AppData\Local\Temp\b63d1a558c34e46bb1e5fcfd705769d0N.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1316
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 368
        3⤵
        • Program crash
        PID:4688
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4264 -ip 4264
    1⤵
      PID:3572
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1316 -ip 1316
      1⤵
        PID:2760

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\b63d1a558c34e46bb1e5fcfd705769d0N.exe
        Filesize

        202KB

        MD5

        b3649f096350cdc0a176786ce1f66b39

        SHA1

        4ae902733d903b98b337e2565fdb76b1f3c95d94

        SHA256

        ee28b734f11f37d847cb8cb014098ec499dc15a22664b37fdd1d9aafa6645c84

        SHA512

        74b374e1dfd21edae36043e8418018006c6122f7d74554f078e714cf28be33da51139dc2f06dc765370aa523d6edf1d13798bf96fee7a43fc3d297490292d853

        Download Submit

      • memory/1316-7-0x0000000000400000-0x000000000043E000-memory.dmp

        Filesize

        248KB

        Download

      • memory/1316-9-0x0000000000400000-0x000000000041A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/1316-13-0x00000000015B0000-0x00000000015EE000-memory.dmp

        Filesize

        248KB

        Download

      • memory/1316-14-0x0000000000400000-0x000000000043E000-memory.dmp

        Filesize

        248KB

        Download

      • memory/4264-0-0x0000000000400000-0x000000000043E000-memory.dmp

        Filesize

        248KB

        Download

      • memory/4264-6-0x0000000000400000-0x000000000043E000-memory.dmp

        Filesize

        248KB

        Download