Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

245f5fed0c...0N.exe

windows7-x64

7

245f5fed0c...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    103s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/07/2024, 22:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    245f5fed0cede37fba16c284a13011b0N.exe

  • Size

    203KB

  • MD5

    245f5fed0cede37fba16c284a13011b0

  • SHA1

    b1bf02ca78ec6d3e4f404fae15534594ac6fb8da

  • SHA256

    181039fc7317aab1e88c6fba9dd09af486914fb934c85dbb4409f6c5627a7213

  • SHA512

    4e1e2c2e45bb30e45b2e383c861bfd7bf441ed37e7c4f1b9d16cd2d9f5f8e3dfd1047ffc8faa4e4cc117f26fd0966d10bc83e0753b7a533aa6836774a082e9c1

  • SSDEEP

    6144:0dlPOMcRvqbjCBwnKQvyaPhNDH12888xSWG1B78:0dlHglwnKgycNb1k8xRG1BA

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\245f5fed0cede37fba16c284a13011b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\245f5fed0cede37fba16c284a13011b0N.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2320
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 396
      2⤵
      • Program crash
      PID:2856
    • C:\Users\Admin\AppData\Local\Temp\245f5fed0cede37fba16c284a13011b0N.exe
      C:\Users\Admin\AppData\Local\Temp\245f5fed0cede37fba16c284a13011b0N.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:848
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 364
        3⤵
        • Program crash
        PID:1712
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 2320 -ip 2320
    1⤵
      PID:5088
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 848 -ip 848
      1⤵
        PID:972

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\245f5fed0cede37fba16c284a13011b0N.exe
        Filesize

        203KB

        MD5

        439d734d783c1ef3cf1ba994a2bdf375

        SHA1

        eaa574910cc61b90895d0108b444829eb1789cbe

        SHA256

        fa50baa70d748ec719e51ae3905ed85621841ccf7263c2bd518190769fe2521f

        SHA512

        fa1fa4b9fe1a23fd02736725a6dfd45977196d4ea78e015f2fe7c6a1a8749cebbd992ee9ebd5b288ed60aa250a1135f1fcc41b08402c7092fb7b82c7392b4279

        Download Submit

      • memory/848-7-0x0000000000400000-0x000000000043F000-memory.dmp

        Filesize

        252KB

        Download

      • memory/848-8-0x0000000000400000-0x000000000041A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/848-13-0x0000000004D80000-0x0000000004DBF000-memory.dmp

        Filesize

        252KB

        Download

      • memory/2320-0-0x0000000000400000-0x000000000043F000-memory.dmp

        Filesize

        252KB

        Download

      • memory/2320-6-0x0000000000400000-0x000000000043F000-memory.dmp

        Filesize

        252KB

        Download